Russian man admits role in global Phobos ransomware attacks

CyberScoop reports that Russian national Evgenii Ptitsyn is facing up to 20 years in prison after pleading guilty to charges related to his involvement in the Phobos ransomware operation.

The 43-year-old admitted to his role in running the ransomware group, in which court records say he had been involved since 2019. Ptitsyn took on a leadership position in the group in January 2022 before he was arrested in May 2024 in South Korea. According to prosecutors, the scheme was used by affiliates to target more than 1,000 organizations worldwide and collect over $39 million in ransom payments.

Phobos administrators ran a website that coordinated the sale and distribution of the ransomware to affiliates, who paid $300 for a unique decryption key after carrying out attacks. Authorities said Ptitsyn controlled cryptocurrency wallets that collected thousands of those payments, receiving 25% of the decryption key fees and sometimes a share of the ransom proceeds.

"Ptitsyn and others were responsible for dozens of ransomware attacks against U.S. victims, including health care companies, hospitals, educational institutions, and providers of essential services," according to federal prosecutors' stipulation of facts in a plea agreement with Ptitsyn.

As part of the plea deal, Ptitsyn agreed to forfeit $1.77 million in assets and pay at least $39.3 million in restitution to victims, while federal prosecutors dropped several charges.
