From hospitals to tribes: how the Phobos virus terrorized entire continents

The creator of the ransomware will stand trial.

The U.S. Department of Justice has indicted Evgeny Ptitsyn for allegedly directing a scheme to sell, distribute, and operate the Phobos ransomware.

According to the agency, 42-year-old Ptitsyn was extradited from South Korea and appeared in the Maryland District Court on November 4. The operation involved law enforcement agencies from South Korea, the United Kingdom, Japan, Spain, France, Romania and other countries, with the support of Europol and other international organizations.

Phobos has attacked more than 1,000 public and private organizations in the U.S. and other countries, causing more than $16 million in damages. Victims included hospitals, schools, nonprofits, and even a federally recognized tribe.

Ptitsyn and his accomplices developed Phobos and provided access to it to other cybercriminals (affiliates). Through darknet sites and instant messengers, the hackers advertised their services under the pseudonyms "derxan" and "zimmermanx". Affiliates penetrated victims' networks, encrypted data with Phobos, and demanded a ransom for decryption. If a victim refused to pay, the attackers threatened to make the stolen information public.

After negotiating with the victims, the cybercriminals paid Ptitsyn for the decryption keys, transferring the money to specific wallets. Then, from December 2021 to April 2024, funds from these wallets were transferred to Ptitsyn's wallet.

The charges include 13 counts, including fraud, cyberattacks and extortion. If found guilty, the maximum penalty for each count of fraud is up to 20 years in prison, for cyberattacks - up to 10 years, for conspiracy to commit computer fraud - up to 5 years.

In March of this year, CISA published an advisory warning on known cyberattack methods and indicators of hacking of the Phobos group. According to CISA, since 2019, Phobos, operating on the RaaS (Ransomware-as-a-Service) model, has attacked the information systems of municipal and district authorities, emergency services, educational institutions, medical institutions, and other critical facilities. The RaaS model allows people with minimal knowledge and experience to launch attacks using ready-made tools.
