Polish police detain suspect linked to Phobos ransomware group

Polish police have detained a 47-year-old man suspected of ties to the Phobos ransomware group, seizing computers and mobile phones containing stolen credentials, credit card numbers, and server access data. The arrest occurred in the Małopolska region as part of "Operation Aether," an international effort coordinated by Europol targeting Phobos infrastructure and affiliates, as reported by Bleeping Computer.

During a search of the suspect's residence, investigators discovered files containing credentials, passwords, credit card numbers, and server IP addresses, potentially enabling unauthorized access and ransomware attacks. The suspect is also believed to have communicated with the Phobos cybercrime organization via encrypted messaging applications. Phobos, a ransomware-as-a-service operation derived from the Crysis ransomware family, has been linked to over 1,000 breaches worldwide, with ransom payments exceeding $16 million. Operation Aether has targeted various levels of the Phobos operation, including infrastructure operators and affiliates.

The ongoing international crackdown on Phobos has also included arrests and server seizures in Thailand and Italy. Law enforcement agencies have proactively warned over 400 companies of imminent attacks, and free decryptors developed by Japanese police further aid victims.

Source: Bleeping Computer
