Russian Ransomware Operator Extradited to US for $16M Cybercrime Case

The U.S. Department of Justice (DOJ) has extradited Evgenii Ptitsyn, a 42-year-old Russian national, from South Korea to face charges for his alleged role in the Phobos ransomware operation, which has impacted over 1,000 organizations worldwide. Ptitsyn is accused of managing the sale, distribution, and deployment of the ransomware, which targets sectors like healthcare, education, and government.

Phobos ransomware, a Ransomware-as-a-Service (RaaS) tool, encrypts victims’ data and demands ransom payments, often threatening to expose the files. From 2021 to 2024, affiliates allegedly deposited ransom payments into cryptocurrency wallets linked to Ptitsyn, identified through blockchain analysis. Phobos spreads via phishing and brute-force attacks on Remote Desktop Protocol (RDP).

Ptitsyn faces 13 counts, including wire fraud, computer fraud, and extortion, each carrying a potential sentence of up to 20 years. His extradition resulted from international cooperation among South Korea, Japan, and several European nations.