The Justice Department unsealed criminal charges today against Evgenii
Ptitsyn, 42, a Russian national, for allegedly administering the sale,
distribution, and operation of Phobos ransomware. Ptitsyn made his
initial appearance in the U.S. District Court for the District of
Maryland on Nov. 4 after being extradited from South Korea. Phobos
ransomware, through its affiliates, victimized more than 1,000 public
and private entities in the United States and around the world, and
extorted ransom payments worth more than $16 million.
“The Justice Department is committed to leveraging the full range of
our international partnerships to combat the threats posed by
ransomware like Phobos,” said Deputy Attorney General Lisa Monaco.
“Evgenii Ptitsyn allegedly extorted millions of dollars of ransom
payments from thousands of victims and now faces justice in the United
States thanks to the hard work and ingenuity of law enforcement
agencies around the world — from the Republic of Korea to Japan to
Europe and finally to Baltimore, Maryland. Together with our partners
across the globe, we will continue to hold cybercriminals accountable
and protect innocent victims.”
“The indictment alleges that Ptitsyn and his co-conspirators ran the
Phobos ransomware group, whose members committed ransomware attacks
against more than 1,000 public and private victims throughout the
United States and the rest of the world,” said Principal Deputy
Assistant Attorney General Nicole M. Argentieri, head of the Justice
Department’s Criminal Division. “Ptitsyn and his co-conspirators hacked
not only large corporations but also schools, hospitals, nonprofits,
and a federally recognized tribe, and they extorted more than $16
million in ransom payments. Ptitsyn’s indictment, arrest, and
extradition reflect the Criminal Division’s commitment to leading the
fight against the international scourge of ransomware. We are
especially grateful to our domestic and foreign law enforcement
partners, like South Korea, whose collaboration is essential to
disrupting and deterring the most significant cybercriminal threats
facing the United States.”
“It’s only a matter of time; cybercriminals will be caught and brought
to justice,” said U.S. Attorney Erek L. Barron for the District of
Maryland. “According to the indictment, Ptitsyn facilitated the
worldwide use of a dangerous ransomware strain to target corporations
and various organizations, including government agencies, healthcare
facilities, educational institutions, and critical infrastructure. The
U.S. Attorney’s Office for the District of Maryland is committed to
bringing cybercriminals to justice and working with the private sector
and the academic community to prevent and disrupt their activities.”
“The FBI is working tirelessly to ensure that ransomware actors, both
developers and affiliates, face the consequences of their actions,”
said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. “We
know it takes strong partnerships to disrupt cybercriminal networks,
and the FBI must thank our partners for the important roles they play
in carrying out this mission. The extradition announced today would not
have been possible without their assistance.”
As alleged in the indictment, beginning in at least November 2020,
Ptitsyn and others conspired to engage in an international computer
hacking and extortion scheme that victimized public and private
entities through the deployment of Phobos ransomware.
As part of the scheme, Ptitsyn and his co-conspirators allegedly
developed and offered access to Phobos ransomware to other criminals or
“affiliates” for the purposes of encrypting victims’ data and extorting
ransom payments from victims. The administrators operated a darknet
website to coordinate the sale and distribution of Phobos ransomware to
co-conspirators and used online monikers to advertise their services on
criminal forums and messaging platforms. At relevant times, Ptitsyn
allegedly used the monikers “derxan” and “zimmermanx.”
Affiliates would then allegedly hack into the victims’ computer
networks, often using stolen or otherwise unauthorized credentials;
copy and steal files and programs on the victims’ networks; and encrypt
the original versions of the stolen data on the networks by installing
and executing Phobos ransomware. Affiliates then extorted the victims
for ransom payments in exchange for the decryption keys to regain
access to encrypted data by leaving ransom notes on compromised
victims’ computers and by calling and emailing victims to initiate the
ransom payment negotiations. Affiliates also threatened to expose
victims’ stolen files to the public or to the victims’ clients,
customers, or constituents if the ransoms were not paid.
After a successful Phobos ransomware attack, criminal affiliates paid
fees to Phobos administrators like Ptitsyn for a decryption key to
regain access to the encrypted files. Each deployment of Phobos
ransomware was assigned a unique alphanumeric string in order to match
it to the corresponding decryption key, and each affiliate was directed
to pay the decryption key fee to a cryptocurrency wallet unique to that
affiliate. From December 2021 to April 2024, the decryption key fees
were then transferred from the unique affiliate cryptocurrency wallet
to a wallet controlled by Ptitsyn.
Ptitsyn is charged in a 13-count indictment with wire fraud conspiracy,
wire fraud, conspiracy to commit computer fraud and abuse, four counts
of causing intentional damage to protected computers, and four counts
of extortion in relation to hacking. If convicted, Ptitsyn faces a
maximum penalty of 20 years in prison for each wire fraud count; 10
years in prison for each computer hacking count; and five years in
prison for conspiracy to commit computer fraud and abuse. A federal
district court judge will determine any sentence after considering the
U.S. Sentencing Guidelines and other statutory factors.
The FBI Baltimore Field Office is investigating the case. The Justice
Department’s Office of International Affairs worked with the
International Criminal Affairs Division of the Korean Ministry of
Justice to secure the arrest and extradition of Ptitsyn. The Justice
Department extends its thanks to international judicial and law
enforcement partners in South Korea, the United Kingdom, Japan, Spain,
Belgium, Poland, Czech Republic, France, and Romania, as well as
Europol and the U.S. Department of Defense Cyber Crime Center, for
their cooperation and coordination with the Phobos ransomware
investigation. The Justice Department’s National Security Division also
provided valuable assistance.
Senior Counsel Aarash A. Haghighat of the Criminal Division’s Computer
Crime and Intellectual Property Section (CCIPS) and Assistant U.S.
Attorneys Aaron S.J. Zelinsky and Thomas M. Sullivan for the District
of Maryland are prosecuting the case. CCIPS Trial Attorney Riane Harper
and former Assistant U.S. Attorney Jeffrey J. Izant for the District of
Maryland provided substantial assistance.
Additional details on protecting networks against Phobos ransomware are
available at StopRansomware.gov [1], including Cybersecurity and
Infrastructure Security Agency Advisory AA24-060A.
An indictment is merely an allegation. All defendants are presumed
innocent until proven guilty beyond a reasonable doubt in a court of
law.
References
1. https://www.cisa.gov/stopransomware