Russian National Pleads Guilty in Phobos Ransomware Scheme, Faces 20-Year Sentence
A 43-year-old Russian national, Evgenii Ptitsyn, pleaded guilty to wire fraud charges on Wednesday for his role as a key figure in the Phobos ransomware operation. Ptitsyn, the primary developer behind the ransomware, faces up to 20 years in prison and is scheduled for sentencing on July 15.
Ptitsyn and his associates launched the Phobos ransomware campaign in November 2020, targeting over 1,000 organizations worldwide. He was arrested in South Korea and extradited to the U.S. in November 2024. According to prosecutors, Ptitsyn marketed the ransomware on cybercriminal forums, managed the gang’s darknet site for selling stolen data, and took a percentage of ransom payments from affiliates who carried out attacks.
Among the victims were the California public school system, which paid a $300,000 ransom in 2023, as well as multiple healthcare organizations and businesses. U.S. authorities estimate that Phobos and its related strain, 8Base, have extorted over $16 million from victims globally since 2019.
Law enforcement agencies in the U.S. and Europe have dismantled parts of the group over the past two years, including recent arrests in Poland and Thailand. In July 2024, Japanese officials released a free decryption tool to help organizations recover from Phobos attacks.
Source: https://therecord.media/phobos-ransomware-leader-facing-20-years
California Medical Evaluators cybersecurity rating report: https://www.rankiteo.com/company/california-medical-evaluators-inc-
{
  "id": "CAL1772735084",
  "linkid": "california-medical-evaluators-inc-",
  "type": "Ransomware",
  "date": "11/2024",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'industry': 'Education',
                        'location': 'California, USA',
                        'name': 'California public school system',
                        'type': 'Educational institution'},
                       {'industry': 'Healthcare',
                        'type': 'Healthcare organizations'},
                       {'type': 'Businesses'}],
 'attack_vector': 'Cybercriminal forums, darknet site for selling stolen data',
 'data_breach': {'data_encryption': 'Yes (ransomware encryption)',
                 'data_exfiltration': 'Yes (data sold on darknet)'},
 'description': 'A 43-year-old Russian national, Evgenii Ptitsyn, pleaded '
                'guilty to wire fraud charges for his role as a key figure in '
                'the Phobos ransomware operation. Ptitsyn, the primary '
                'developer behind the ransomware, faces up to 20 years in '
                'prison. The Phobos ransomware campaign targeted over 1,000 '
                'organizations worldwide since November 2020.',
 'impact': {'data_compromised': 'Stolen data sold on darknet',
            'financial_loss': '$16 million (estimated total extorted)'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes'},
 'investigation_status': 'Ongoing (parts of the group dismantled)',
 'motivation': 'Financial gain',
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Yes',
                'ransom_paid': '$300,000 (California public school system)',
                'ransomware_strain': 'Phobos, 8Base'},
 'references': [{'source': 'U.S. Department of Justice'}],
 'regulatory_compliance': {'legal_actions': 'Wire fraud charges (U.S.)'},
 'response': {'law_enforcement_notified': 'Yes (U.S. and European authorities)',
              'remediation_measures': 'Free decryption tool released by '
                                      'Japanese officials (July 2024)'},
 'threat_actor': 'Evgenii Ptitsyn and associates',
 'title': 'Russian National Pleads Guilty in Phobos Ransomware Scheme',
 'type': 'Ransomware'}