Ransomware’s Mastermind Faces Justice: DOJ Targets Global Cybercrime Operation

Coinpedia

A Russian ransomware kingpin extradited from South Korea to the U.S. faces charges for orchestrating the $16 million Phobos malware targeting global critical infrastructure.

Justice Catches Up: The Fall of a Ransomware Kingpin

The U.S. Department of Justice (DOJ) announced Monday that Evgenii Ptitsyn, a 42-year-old Russian national, has been extradited from South Korea to the U.S. to face charges linked to the Phobos ransomware.

Prosecutors allege Ptitsyn orchestrated the operation, sale, and distribution of the malware, which has extorted over $16 million in payments from more than 1,000 victims worldwide, including schools, healthcare facilities, and government agencies. Authorities noted:

Each deployment of Phobos ransomware was assigned a unique alphanumeric string in order to match it to the corresponding decryption key, and each affiliate was directed to pay the decryption key fee to a cryptocurrency wallet unique to that affiliate.

Between December 2021 and April 2024, these fees were reportedly funneled into a wallet under Ptitsyn’s control.

Phobos ransomware, active since 2019, operates under a ransomware-as-a-service (RaaS) model, enabling affiliates to execute attacks across various sectors, including healthcare and critical infrastructure. The ransomware typically gains initial access through phishing emails with malicious attachments or by exploiting unsecured Remote Desktop Protocol (RDP) ports via brute-force attacks. Once inside a network, Phobos encrypts files and demands ransom payments, often amounting to several million dollars. Notably, Phobos has been linked to variants such as Elking, Eight, Devos, Backmydata, and Faust, which share similar tactics, techniques, and procedures (TTPs).

According to the DOJ: “Ptitsyn is charged in a 13-count indictment with wire fraud conspiracy, wire fraud, conspiracy to commit computer fraud and abuse, four counts of causing intentional damage to protected computers, and four counts of extortion in relation to hacking.” The Justice Department added:

If convicted, Ptitsyn faces a maximum penalty of 20 years in prison for each wire fraud count; 10 years in prison for each computer hacking count; and five years in prison for conspiracy to commit computer fraud and abuse.
