The U.S. Justice Department has unsealed charges against Evgenii Ptitsyn, a 42-year-old Russian national, for allegedly orchestrating the sale and distribution of the notorious Phobos ransomware.

Extradited from South Korea, Ptitsyn appeared in the U.S. District Court for the District of Maryland on November 4. Phobos ransomware has been linked to over 1,000 victims worldwide, extorting more than $16 million from public and private entities.

A Coordinated International Effort
Deputy Attorney General Lisa Monaco lauded the international collaboration that led to Ptitsyn’s arrest, emphasizing that global partnerships are crucial in combating ransomware threats. “Evgenii Ptitsyn allegedly extorted millions from thousands of victims and now faces justice in the U.S.,” Monaco said, highlighting contributions from South Korea, Japan, Europe, and U.S. agencies.

Principal Deputy Assistant Attorney General Nicole M. Argentieri underscored the wide-reaching impact of Phobos ransomware, which targeted organizations including schools, hospitals, nonprofits, and even a federally recognized tribe. “Ptitsyn’s indictment reflects our commitment to fighting ransomware globally,” Argentieri stated.

A Methodical Scheme
According to the indictment, Ptitsyn and his co-conspirators ran Phobos ransomware operations from at least November 2020. They allegedly developed the ransomware, marketed it on darknet forums, and provided access to affiliates, who carried out the attacks. These affiliates hacked into networks, encrypted data, and demanded ransom payments, threatening to leak sensitive information if their demands were not met.

Ransom payments were routed through cryptocurrency wallets, with affiliates paying fees to Ptitsyn for decryption keys. Between December 2021 and April 2024, these fees were funneled into wallets controlled by Ptitsyn, prosecutors allege.

Serious Charges and Potential Penalties
Ptitsyn faces a 13-count indictment, including charges of wire fraud, computer fraud, and extortion. If convicted, he could face up to 20 years in prison for each wire fraud count and additional terms for other charges.

U.S. Attorney Erek L. Barron emphasized the significance of holding cybercriminals accountable: “Ptitsyn facilitated a dangerous ransomware strain that targeted critical sectors, from healthcare to education.”

The FBI, which played a key role in the investigation, reiterated its commitment to pursuing ransomware actors. Assistant Director Bryan Vorndran of the FBI’s Cyber Division stated, “The extradition of Ptitsyn was made possible through robust global partnerships.”

This case serves as a stark reminder of the persistent threat posed by ransomware and the global efforts required to bring perpetrators to justice.