The U.S. Department of Justice (DOJ) announced Monday that Evgenii Ptitsyn, a 42-year-old Russian national, has been extradited from South Korea to the U.S. to face charges linked to the Phobos ransomware.

Prosecutors allege Ptitsyn orchestrated the operation, sale, and distribution of the malware, which has extorted over $16 million in payments from more than 1,000 victims worldwide, including schools, healthcare facilities, and government agencies. Authorities noted:

Each deployment of Phobos ransomware was assigned a unique alphanumeric string in order to match it to the corresponding decryption key, and each affiliate was directed to pay the decryption key fee to a cryptocurrency wallet unique to that affiliate.

Between December 2021 and April 2024, these fees were reportedly funneled into a wallet under Ptitsyn’s control.

Phobos ransomware, active since 2019, operates under a ransomware-as-a-service (RaaS) model, enabling affiliates to execute attacks across various sectors, including healthcare and critical infrastructure. The ransomware typically gains initial access through phishing emails with malicious attachments or by exploiting unsecured Remote Desktop Protocol (RDP) ports via brute-force attacks. Once inside a network, Phobos encrypts files and demands ransom payments, often amounting to several million dollars. Notably, Phobos has been linked to variants such as Elking, Eight, Devos, Backmydata, and Faust, sharing similar TTPs.

According to the DOJ: “Ptitsyn is charged in a 13-count indictment with wire fraud conspiracy, wire fraud, conspiracy to commit computer fraud and abuse, four counts of causing intentional damage to protected computers, and four counts of extortion in relation to hacking.” The Justice Department added:

If convicted, Ptitsyn faces a maximum penalty of 20 years in prison for each wire fraud count; 10 years in prison for each computer hacking count; and five years in prison for conspiracy to commit computer fraud and abuse.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。