The US Department of Justice has charged Russian national Evgenii Ptitsyn with operating and distributing the Phobos ransomware, a malicious software variant used to extort millions from victims worldwide.

Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department’s Criminal Division, said, “Ptitsyn and his co-conspirators hacked not only large corporations but also schools, hospitals, nonprofits, and a federally recognized tribe, and they extorted more than $16 million in ransom payments.”

Phobos operators typically demanded relatively small ransoms, averaging $1,719 and sometimes as low as $300. These modest demands were calculated to make payment more appealing than the cost of recovery. For instance, a Maryland healthcare provider reportedly paid just $2,300 to regain access to its systems. However, the financial strain on victims extended far beyond ransom payments. Recovery costs for ransomware attacks average $4.7 million, factoring in downtime, reputational damage, and rebuilding systems.

Ptitsyn allegedly facilitated these attacks through a ransomware-as-a-service model, selling access to Phobos on the dark web. Buyers paid for tools to execute the attacks and returned a portion of their profits to Ptitsyn’s cryptocurrency accounts. Phobos was deployed through phishing campaigns, brute-force attacks, and exploitation of system vulnerabilities, locking victims out of critical data and systems.

After his arrest in South Korea and subsequent extradition to the United States, Ptitsyn now faces 13 charges, including wire fraud and conspiracy to commit computer fraud. If convicted, he could face decades in prison, with each wire fraud count carrying a maximum penalty of 20 years.

In response to the extradition of Evgenii Ptitsyn, the alleged leader behind the Phobos ransomware campaign, US Attorney Erek L. Barron for the District of Maryland emphasized the government’s commitment to combating cybercrime, stating, “It’s only a matter of time, cybercriminals will be caught and brought to justice.”

The case highlights the growing global threat of ransomware, which remains one of the most damaging cybercrime methods today. US authorities stress the importance of vigilance and international cooperation to combat these attacks, which continue to evolve and target victims indiscriminately.