BALTIMORE, MD—The US Department of Justice announced the unsealing of criminal charges against two Russian nationals, Roman Berezhnoy, 33, and Egor Nikolaevich Glebov, 39, this week. They are accused of operating a cybercrime group that used Phobos ransomware to attack over 1,000 organizations worldwide, earning more than $16 million in ransom payments.

Berezhnoy and Glebov are alleged to have been involved in the Phobos ransomware operation from May 2019 to at least October 2024. Their targets included various public and private entities, such as a children’s hospital, healthcare providers, and educational institutions. The victims suffered significant losses due to data inaccessibility and the financial burden of ransom payments. The conspirators then allegedly extorted the victims for ransom payments in exchange for the decryption keys to regain access to the encrypted data by, among other things, leaving a ransom note on compromised victim computers and separately reaching out to victims to initiate ransom payment negotiations.

The arrests of Berezhnoy and Glebov are part of a larger international operation that involved Europol, German authorities, the FBI, and other international law enforcement partners. The operation resulted in the disruption of over 100 servers associated with the Phobos ransomware network.

This announcement follows the recent arrest and extradition of another Russian national, Evgenii Ptitsyn, for his alleged role in administering the Phobos ransomware variant.

Berezhnoy and Glebov face a total of 11 charges, including wire fraud conspiracy, computer fraud and abuse, extortion, and unauthorized access to protected computers. Each faces a maximum sentence of 20 years in prison for wire fraud-related charges, 10 years for computer damage charges, and five years for other counts. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.

The US Department of Justice emphasizes the importance of network protection against Phobos ransomware and provides resources on its website, https://www.StopRansomware.gov.

This article was written with the assistance of AI and reviewed by a human editor.