Cybersecurity News that Matters

Alleged Phobos ransomware coordinator extradited to U.S. from South Korea

Illustration by Areum Hwang, The Readable

by David DiMolfetta

Nov. 19, 2024
8:45 PM GMT+9

A Russian national accused of masterminding a notorious ransomware-as-a-service operation has been extradited from South Korea and is now in American custody facing criminal charges for his cybercrime activities, the United States Department of Justice announced Monday.

Evgenii Ptitsyn was extradited by South Korean authorities and appeared in a U.S. court in Maryland on Nov. 4. He faces 13 charges related to the sale, operation, and distribution of the Phobos ransomware service, the Department of Justice said.

The indictment against Ptitsyn includes charges of wire fraud, conspiracy to commit wire and computer fraud, four counts of hacking-related extortion, and four counts of intentionally damaging protected computers.

According to the charges, Ptitsyn and others have been accused of orchestrating an international hacking and extortion scheme since November 2020 using Phobos ransomware. They allegedly developed and sold the ransomware to criminal affiliates on a darknet site, using aliases such as “derxan” and “zimmermanx.”

The affiliates allegedly hacked into victims’ networks, stole and encrypted data, and demanded ransom payments, often threatening to leak stolen files if the ransoms were not paid. According to the allegations, ransom payments were sent to administrators like Ptitsyn, who managed cryptocurrency wallets tied to the scheme. Between December 2021 and April 2024, these payments were funneled to a wallet under Ptitsyn’s control.

According to the indictment obtained by The Readable, Ptitsyn’s unnamed co-conspirators allegedly breached the computer networks of educational institutions, healthcare facilities, and other victims in the U.S. They are accused of deploying ransomware on these networks and demanding payment in Bitcoin. One notable victim was a contractor for the U.S. Department of Defense.

Phobos ransomware, active since at least 2019, has drawn significant attention from cybersecurity researchers for its evolving forms. According to the Department of Justice, Phobos affiliates have targeted over 1,000 entities worldwide, extorting more than $16 million in ransom payments.

Phobos affiliates are generally regarded as less technically sophisticated than members of larger ransomware groups. They have also gained a reputation for making smaller ransom demands compared to other cybercriminal organizations.

Ransomware, a major contributor to cybercrime losses, involves holding victims’ data or systems hostage and demanding payment under strict time limits. In recent years, it has cost organizations billions of dollars annually.

“The Justice Department is committed to leveraging the full range of our international partnerships to combat the threats posed by ransomware like Phobos,” Deputy Attorney General Lisa Monaco said in a statement.

“Evgenii Ptitsyn allegedly extorted millions of dollars in ransom payments from thousands of victims and now faces justice in the United States, thanks to the hard work and ingenuity of law enforcement agencies worldwide—from the Republic of Korea to Japan to Europe, and finally to Baltimore, Maryland,” Monaco added.




  • David DiMolfetta

    David DiMolfetta is a contributing writer at The Readable. Based in Washington D.C., he is a full-time cybersecurity reporter for Nextgov/FCW, a news website and trade magazine focused on U.S. federal...
