Russian national extradited in $16 million Phobos ransomware scheme

BALTIMORE, MD—Evgenii Ptitsyn, a 42-year-old Russian national, was extradited from South Korea to face charges related to his alleged role in the Phobos ransomware scheme. He made his initial appearance in U.S. District Court for the District of Maryland on November 4th. The Justice Department alleges that Ptitsyn served as a key administrator of the Phobos ransomware operation, overseeing the sale and distribution of the malware to criminal affiliates who used it to encrypt victims’ data and extort ransom payments.

The indictment alleges that Ptitsyn and his co-conspirators operated a darknet website to coordinate these activities and used aliases, including “derxan” and “zimmermanx,” to advertise their services on criminal forums. The ransomware group, led by Ptitsyn, targeted more than 1,000 victims worldwide, including corporations, schools, hospitals, nonprofits, and a federally recognized tribe. The group is accused of extorting more than $16 million in ransom payments.



After a successful Phobos ransomware attack, criminal affiliates paid fees to Ptitsyn and other administrators for decryption keys. Each ransomware deployment was assigned a unique alphanumeric string to ensure it could be matched to the corresponding decryption key. These fees were deposited into a cryptocurrency wallet controlled by Ptitsyn.

Ptitsyn faces 13 counts related to his alleged involvement in the Phobos ransomware scheme. These include conspiracy to commit wire fraud, wire fraud, conspiracy to commit computer fraud and abuse, four counts of causing intentional damage to protected computers, and four counts of extortion in relation to hacking. The maximum penalties for these charges include 20 years in prison for each wire fraud count, 10 years in prison for each computer hacking count, and five years in prison for conspiracy to commit computer fraud and abuse. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.

The FBI Baltimore Field Office is leading the investigation. The Justice Department collaborated with the Korean Ministry of Justice to secure Ptitsyn’s arrest and extradition. The Justice Department acknowledges the significant contributions of various law enforcement partners, including South Korea, the United Kingdom, Japan, Spain, Belgium, Poland, the Czech Republic, France, and Romania, as well as Europol and the U.S. Department of Defense Cyber Crime Center, in the Phobos ransomware investigation. The Justice Department’s National Security Division also provided support for the investigation.

This article was written with the assistance of AI and reviewed by a human editor.
