cyberscoop.com
13.249.91.50

URL: https://cyberscoop.com/alleged-russian-phobos-ransomware-administrator-extradited-to-u-s-in-custody/
Submission: On November 19 via api from TR — Scanned from US

Text Content

ALLEGED RUSSIAN PHOBOS RANSOMWARE ADMINISTRATOR EXTRADITED TO U.S., IN CUSTODY

Evgenii Ptitsyn is said to have helped operate a ransomware-as-a-service
organization that extorted millions from more than 1K victims, including schools
and hospitals.

By Tim Starks

November 18, 2024

This handout image, obtained August 21, 2008 taken by the High Resolution Stereo
Camera on board the ESA’s Mars Express shows the highest-resolution full-disc
image yet of the surface of the moon Phobos. (Photo by NASA/ESA via Getty
Images)

A Russian man who allegedly served as an administrator of the Phobos ransomware
that’s extorted millions of dollars from more than a thousand victims is in U.S.
custody, the Justice Department said Monday.

South Korea extradited Evgenii Ptitsyn, 42, to the United States for a court
appearance Nov. 4, according to a news release about an unsealed 13-count
indictment.

The Phobos ransomware has extorted over $16 million from more than 1,000 victims
worldwide, including schools, hospitals, government agencies and large
corporations, DOJ said. The department chalked up the arrest to international
team-ups.

“The Justice Department is committed to leveraging the full range of our
international partnerships to combat the threats posed by ransomware like
Phobos,” said Deputy Attorney General Lisa Monaco. “Evgenii Ptitsyn allegedly
extorted millions of dollars of ransom payments from thousands of victims and
now faces justice in the United States thanks to the hard work and ingenuity of
law enforcement agencies around the world — from the Republic of Korea to Japan
to Europe and finally to Baltimore, Maryland.”

Ptitsyn faces charges of wire fraud, wire fraud conspiracy, conspiracy to commit
computer fraud and abuse, as well as four counts of extortion in relation to
hacking and four counts of causing intentional damage to protected computers.

Along with his co-conspirators, Ptitsyn — who was known by the online handles
“derxan” and “zimmermanx” at times — developed Phobos and offered access to the
ransomware to other criminals in exchange for fees from successful ransomware
attacks.

Those attacks began as far back as four years ago, and drew a warning from the
Cybersecurity and Infrastructure Security Agency and the Federal Bureau of
Investigation in February that Phobos was targeting state and local government
services.

The ransomware is both “pretty standard” and noted for its small ransom demands,
according to cybersecurity researchers.

Another researcher said the arrest makes sense in light of recent data about
Phobos and 8Base ransomware operators that used a variant of Phobos.

“We recently identified a significant drop” in Phobos activity, Alexander
Leslie, threat intelligence analyst for Recorded Future, said on X, “with 8Base
stalling entirely last month.

“We have an explanation,” he wrote on the social media platform.

WRITTEN BY TIM STARKS

Tim Starks is senior reporter at CyberScoop. His previous stops include working
at The Washington Post, POLITICO and Congressional Quarterly. An Evansville,
Ind. native, he's covered cybersecurity since 2003. Email Tim here:
tim.starks@cyberscoop.com.
