cyber chronicle, 19.11.2024, 12:30 PM
South Korea extradited Russian citizen Yevgeny Pticin (42), who is suspected of being the administrator of the “Phobos ransomware-as-a-service” operation, to the United States of America. He appeared in federal court in Maryland on November 4, according to a statement from the US Department of Justice.
The Phobos ransomware operation is responsible for attacks on more than 1,000 public and private entities worldwide, and since November 2020 Phobos affiliates have extorted ransoms totaling around $16 million from victims.
Phobos is known to the domestic public for the attack on Serbia's Republic Geodetic Institute (RGZ) in mid-June 2022, which interrupted the work of the cadastre for two weeks.
The administrators advertised Phobos on hacker forums and messaging platforms, building a network of affiliates who often used the ransomware to attack small businesses and similar targets.
Phobos affiliates are less technically savvy than members of higher-profile ransomware gangs such as Clop or Black Basta, cyber security researchers say. They are known for attacking multiple potential targets, hoping to infect at least one of them. And their ransom demands are also relatively small — less than $2,000 in many cases — making it more likely that the victim will pay and move on.
According to the US Department of Justice, after attacks that resulted in a ransom payment, the affiliates paid the Phobos administrators, including Pticin, for the decryption keys. Each deployment of the ransomware was assigned a unique alphanumeric string linking it to the corresponding decryption key, and each affiliate was directed to pay into a crypto wallet unique to that affiliate. Between December 2021 and April 2024, the decryption key fees were then transferred from these affiliate wallets to a wallet controlled by Pticin.
Pticin, who was known in criminal circles as “derxan” and “zimmermanx”, could face a lengthy prison sentence if convicted of all charges in the 13-count indictment.
Photo: Solid Media | Pexels
Source: www.informacija.rs