More than $16 million have been amassed by the Phobos ransomware-as-a-service group from its nearly a thousand victims, including U.S. health providers, federal contractors, and public school systems, during the past five years, according to The Record, a news site by cybersecurity firm Recorded Future.
Included in the Phobos-hit organizations that paid a ransom were a California public school system, a North Carolina children's hospital, a Maryland-based accounting and consulting service provider, and health organizations in Pennsylvania and Maryland, revealed an unsealed indictment against suspected Phobos administrator Evgenii Ptitsyn. While Phobos activity has significantly declined earlier this month amid the arrest of Ptitsyn, the RaaS operation was noted by Recorded Future ransomware expert Allan Liska to have outlasted ALPHV/BlackCat, LockBit, and other ransomware gangs due to its lower profile. Ptitsyn's arrest has also resulted in reduced activity for the 8Base ransomware gang, which has been spun off from Phobos.
