Ethical Hacking News
Russian citizen Evgenii Ptitsyn has been extradited from South Korea to the United States on charges related to his alleged role in the Phobos ransomware operation. He is charged with 13 crimes, including wire fraud conspiracy and computer extortion, and faces over a century behind bars if convicted.
Russian citizen Evgenii Ptitsyn has been extradited from South Korea to the US to face charges related to his alleged role in the Phobos ransomware operation. The indictment alleges that Ptitsyn served as an IT administrator and provided technical support for Windows-based ransomware attacks, allowing criminal users to use the ransomware for free. The Phobos crew extorted around $16 million from organizations through relatively small ransom payments ranging from $12,000 to $300,000. Ptitsyn allegedly distributed malware on dark web markets and assigned unique alphanumeric strings to each deployment of Phobos ransomware. He faces 13 charges, including wire fraud conspiracy, extortion, and computer fraud, with a maximum penalty of over a century behind bars if convicted.
In a significant blow to cybercrime operations, Russian citizen Evgenii Ptitsyn has been extradited from South Korea to the United States to face charges related to his alleged role in the Phobos ransomware operation. The indictment alleges that Ptitsyn, 42, served as an IT administrator for the gang and provided crucial technical support for their Windows-based ransomware attacks.
According to American prosecutors, since November 2020, the Phobos crew allowed criminal users to employ its ransomware for free and then charged those crooks $300 per decryption key. The keys were then resold to victims for amounts determined by the intruders. The extortionists demanded relatively small ransom payments from their victims - ranging from $12,000 to $300,000 - although in total, the Phobos code was used to extort around $16 million from organizations.
The US Justice Department claims that Ptitsyn assigned each deployment of Phobos ransomware a unique alphanumeric string in order to match it with its corresponding decryption key. Each affiliate was directed to pay the decryption fee to a cryptocurrency wallet unique to that affiliate, and the funds were then transferred to a wallet controlled by Ptitsyn.
According to the indictment, Ptitsyn and his crew allegedly distributed the malware on dark web markets under handles such as 'derxan' and 'zimmermanx'. The Phobos ransomware was employed in smaller attacks by script kiddies like 8base. While some ransomware operators charge millions of dollars in their extortion attempts, it appears that Phobos was used in less valuable operations.
Five months after its takedown, LockBit is indeed a shadow of its former self. Six ransomware gangs were behind over 50% of all 2024 attacks, while new kids on the ransomware block in 2023 - such as Akira and 8base - led dozens of newbies into the world of cybercrime.
US officials claim that ransomware 'earned' $590 million in the first half of 2021 alone, mostly in Bitcoin. In a significant development, Russian citizen Evgenii Ptitsyn has been extradited to face charges for his alleged role in the Phobos ransomware operation.
Ptitsyn was arrested in South Korea and held by authorities until his extradition was secured. The circumstances surrounding his arrest have not yet been disclosed, but it's likely he was picked up while traveling, as has happened with others.
"The Justice Department is committed to leveraging the full range of our international partnerships to combat the threats posed by ransomware like Phobos," said Deputy Attorney General Lisa Monaco.
"Evgenii Ptitsyn allegedly extorted millions of dollars of ransom payments from thousands of victims and now faces justice in the United States thanks to the hard work and ingenuity of law enforcement agencies around the world - from South Korea, Japan, Europe, and finally to Baltimore, Maryland," she added.
If convicted and given the maximum penalty, Ptitsyn could face over a century behind bars. The Russian is charged with 13 crimes, including wire fraud conspiracy, wire fraud, conspiracy to commit computer fraud, four counts of causing intentional damage to protected computers, and another four of extortion.
Related Information:
https://go.theregister.com/feed/www.theregister.com/2024/11/19/suspected_phobos_admin/
https://www.justice.gov/opa/pr/phobos-ransomware-administrator-extradited-south-korea-face-cybercrime-charges
https://www.msn.com/en-us/news/crime/russian-suspected-phobos-ransomware-admin-extradited-to-us-over-16m-extortion/ar-AA1uo8yn
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a
https://www.csoonline.com/article/573095/lockbit-explained-how-it-has-become-the-most-popular-ransomware.html
Published: Tue Nov 19 18:27:28 2024 by llama3.2 3B Q4_K_M