A 42-year-old Russian national has appeared in court in the US on suspicion of administering the sale, distribution and operation of Phobos ransomware, according to the Justice Department (DoJ).
Evgenii Ptitsyn was in the US District Court for the District of Maryland on November 4 after being extradited from South Korea, according to documents unsealed yesterday.
A 13-count indictment includes wire fraud conspiracy, wire fraud, conspiracy to commit computer fraud and abuse, four counts of causing intentional damage to protected computers and four counts of extortion in relation to hacking.
Beginning in at least November 2020, Ptitsyn is accused of conspiring with others to develop the Phobos ransomware and sell access to affiliate groups, as well as advertising his services on criminal forums and messaging platforms under the pseudonyms “derxan” and “zimmermanx.”
As per a typical ransomware-as-a-service affiliate scheme, the affiliate groups would compromise victim networks using illegally obtained credentials, before exfiltrating data and encrypting the original versions with Phobos, the DoJ claimed.
The victims were then apparently extorted and pressured to pay via follow-up phone calls, emails and threats to expose the stolen files to clients, customers and members of the public.
Following a successful breach, Ptitsyn and his conspirators were paid by affiliates for access to a decryption key, according to the court documents. Between December 2021 and April 2024, these key fees were then transferred from the unique affiliate cryptocurrency wallet to a wallet controlled by Ptitsyn.
The Phobos operation is thought to have victimized over 1000 organizations worldwide, including schools, hospitals and non-profits, and to have extorted payments in excess of $16m in this way.
“The Justice Department is committed to leveraging the full range of our international partnerships to combat the threats posed by ransomware like Phobos,” said deputy attorney general Lisa Monaco.
“Evgenii Ptitsyn allegedly extorted millions of dollars of ransom payments from thousands of victims and now faces justice in the United States thanks to the hard work and ingenuity of law enforcement agencies around the world – from the Republic of Korea to Japan to Europe and finally to Baltimore, Maryland. Together with our partners across the globe, we will continue to hold cybercriminals accountable and protect innocent victims.”
If found guilty, Ptitsyn faces a maximum jail term of over 120 years.