Phobos Ransomware admin faces up to 20 years after guilty plea
Russian national Evgenii Ptitsyn pleaded guilty for his role in the Phobos ransomware operation and faces up to 20 years in prison. The ransomware targeted more than 1,000 entities worldwide, demanding more than $16 million in ransom. Ptitsyn sold the software on the darknet and distributed it to criminal affiliates under an "as-a-service" model.

2026-3-5 19:12:17 Author: securityaffairs.com

Russian national Evgenii Ptitsyn (43) pleaded guilty in the U.S. for his role in the Phobos ransomware operation.

Russian national Evgenii Ptitsyn pleaded guilty in the US to wire fraud conspiracy for his role in the Phobos ransomware scheme. The man was arrested in South Korea in 2024 and extradited to the United States. He helped sell and operate the ransomware platform used by affiliates to attack victims.

Ptitsyn faces a maximum penalty of 20 years in prison on the wire fraud count. The sentencing is set for July 15.

According to the DoJ, the Phobos ransomware operation targeted over 1,000 public and private entities in the United States and worldwide, extorting more than $16 million in ransom payments. The Russian national was allegedly involved in the development, sale, distribution, and operations of the ransomware.

Evgenii Ptitsyn and others allegedly ran an international hacking scheme since November 2020, deploying Phobos ransomware to extort victims. Ptitsyn reportedly sold the ransomware on darknet forums under aliases like “derxan” and “zimmermanx,” enabling other criminals to encrypt data and demand ransom.

Ptitsyn and his conspirators used a ransomware-as-a-service (RaaS) model to distribute their malware to a network of affiliates. Affiliates paid fees to administrators like Ptitsyn for decryption keys, with payments routed via unique cryptocurrency wallets from 2021 to 2024.

“After a successful Phobos ransomware attack, criminal affiliates paid fees to Phobos administrators like Ptitsyn for a decryption key to regain access to the encrypted files. Each deployment of Phobos ransomware was assigned a unique alphanumeric string to match it to the corresponding decryption key, and each affiliate was directed to pay the decryption key fee to a cryptocurrency wallet unique to the affiliate.” reads the press release published by DoJ. “From December 2021 to April 2024, the decryption key fees were then transferred from the unique affiliate cryptocurrency wallet to a wallet Ptitsyn controlled. Ptitsyn also received a portion of the ransomware payments made by victims.”

In February 2025, the U.S. Justice Department unsealed charges against Russian nationals Roman Berezhnoy and Egor Glebov for operating a Phobos ransomware group. Both were arrested in a coordinated international operation that also dismantled the group’s infrastructure and led to further arrests.

In February, Polish authorities arrested a 47-year-old man suspected of involvement in cybercrime and linked him to the Phobos ransomware operation. Police said they discovered evidence of illegal activities on his seized devices.

“Officers from the Central Bureau for Combating Cybercrime detained a 47-year-old man suspected of creating, acquiring, and sharing computer programs used to unlawfully obtain information stored in computer systems.” reads the press release published by Poland’s Central Bureau of Cybercrime Control (CBZC) police. “Officers secured files on the man’s computer containing digital data, such as logins, passwords, credit card numbers, and server IP addresses. This data could have been used to launch various attacks, including ransomware. Furthermore, the 47-year-old used encrypted messaging to contact the Phobos criminal group, known for its ransomware attacks.”

In a joint operation by cybercrime units in Katowice and Kielce, Polish authorities arrested the man in the Małopolska region over suspected links to the Phobos group. Investigators seized computers and mobile phones containing logins, passwords, credit card data, and server IP addresses that could be used to breach electronic systems and launch ransomware attacks.

Evidence also showed he used encrypted messaging to communicate with members of the criminal network. He has been charged with creating and distributing tools for unlawful access to computer systems, an offense punishable by up to five years in prison. The case is overseen by the District Prosecutor’s Office in Gliwice. The arrest was part of Operation Aether, coordinated by Europol, which has targeted Phobos operators, affiliates, and infrastructure worldwide.

Pierluigi Paganini

(SecurityAffairs – hacking, Phobos Operation)




Source: https://securityaffairs.com/188984/security/phobos-ransomware-admin-faces-up-to-20-years-after-guilty-plea.html