Russian national Evgenii Ptitsyn, linked to Phobos ransomware, faces U.S. charges for extortion and hacking, with over $16M in damages globally.
The U.S. Department of Justice has charged Evgenii Ptitsyn (using online aliases “derxan” and “zimmermanx,”) a 42-year-old Russian national, for his alleged role in the sale, distribution, and operation of Phobos ransomware. Ptitsyn appeared in the U.S. District Court for the District of Maryland on November 4, following his extradition from South Korea.
Phobos ransomware, allegedly managed by Ptitsyn and his associates, targeted over 1,000 public and private entities worldwide, including large corporations, governments, schools, hospitals, and nonprofits. The ransomware operation extorted more than $16 million in ransom payments from its victims.
According to the indictment, Ptitsyn and his co-conspirators developed and offered Phobos ransomware to other criminals, known as affiliates, who used the ransomware to encrypt victims’ data and demand ransom payments. The administrators operated a darknet website to coordinate the sale and distribution of Phobos ransomware and used online aliases to advertise their services on criminal forums.
Deputy Attorney General Lisa Monaco emphasized the Justice Department’s commitment to leveraging international partnerships to combat ransomware threats. “Evgenii Ptitsyn allegedly extorted millions of dollars from thousands of victims and now faces justice in the United States thanks to the collaboration of law enforcement agencies across the globe,” Monaco stated in a press release.
Facing the Consequences
Ptitsyn is charged with multiple counts, including wire fraud conspiracy, wire fraud, conspiracy to commit computer fraud, causing intentional damage to protected computers, and extortion. If convicted, he faces significant prison time, with a maximum penalty of 20 years for each wire fraud count and 10 years for computer hacking charges.
A Global Effort
The arrest and extradition of Ptitsyn were the result of a collaborative effort between US and international law enforcement agencies. The DoJ acknowledged the support of South Korea, the United Kingdom, Japan, Spain, Belgium, Poland, the Czech Republic, France, and Romania, as well as Europol, which played a vital role in the description of the Phobos ransomware network.
