The U.S. government has secured the extradition of an alleged Russian hacker who allegedly served as a key administrator of the prolific Phobos ransomware operation.
Prosecutors said Monday that Evgenii Ptitsyn, 42, was recently extradited from South Korea to appear in a Maryland federal court on November 4. Ptitsyn is accused of administering the sale, distribution, and operation of Phobos, a type of ransomware operation that was used by cybercriminals to launch cyberattacks and extort at least $16 million from over a thousand public and private victims globally.
An newly unsealed indictment reveals that these victims include a Maryland-based company that provided accounting and consulting services to federal agencies; several Maryland-based healthcare providers; a New York-based law enforcement union; an Illinois-based contractor for the U.S. Department of Defence and the U.S. Department of Energy; and a North Carolina-based children’s hospital.
The unnamed companies listed in the indictment against Ptitsyn paid ransoms ranging from $12,000 to $300,000, with one of the victims — an unnamed Maryland-based healthcare provider — paying $2,300 to receive a decryption key to regain access to their maliciously scrambled files.
According to the indictment, Ptitsyn joined the Phobos operation in 2020. Prosecutors say Ptitsyn helped to develop and distribute the ransomware to affiliates, who work as contractors, who use the ransomware to launch attacks.
Ptitsyn and his co-conspirators allegedly advertised the Phobos ransomware for free through posts on cybercrime forums, but would then charge their affiliates around $300 to receive the decryption key to access the data that they stole from their victim.
The feds said they caught Ptitsyn in part because the decryption fees were transferred to a cryptocurrency wallet “in the possession and control of Ptitsyn,” the indictment states.
Other cybercrime groups, including 8Base, have been known to use the Phobos ransomware in their attacks.
“Evgenii Ptitsyn allegedly extorted millions of dollars of ransom payments from thousands of victims and now faces justice in the United States thanks to the hard work and ingenuity of law enforcement agencies around the world — from the Republic of Korea to Japan to Europe and finally to Baltimore, Maryland,” said U.S. deputy attorney general Lisa Monaco in remarks.
Ptitsyn is charged with wire fraud conspiracy, wire fraud, conspiracy to commit computer fraud and abuse, and multiple counts of causing intentional damage to protected computers and extortion. If convicted, Ptitsyn faces decades in prison.