A Russian man has been extradited from South Korea to the US to face charges in connection with a ransomware gang that allegedly extorted more than $16 million from victims around the world, US prosecutors said Monday.
42-year-old Evgenii Ptitsyn is accused of administering the sale, distribution and operation of Phobos, a type of ransomware that has been used in more than 1,000 ransomware attacks on public and private organizations, the Justice Department said. Victims of the ransomware include government agencies, health care facilities and schools.
The news is a win for the FBI, which typically has to wait until alleged ransomware kingpins leave Russia to try to arrest them because the US and Russia do not have an extradition treaty. Last year, ransomware operatives using Phobos extorted a North Carolina-based children’s hospital for about $100,000, and a California-based public school system for about $300,000, according to the indictment.
Ptitsyn faces wire and computer fraud conspiracy charges, among others. He made his initial court appearance in the District of Maryland on November 4, the Justice Department said. CNN is trying to locate a lawyer for Ptitsyn for comment.
Ptitsyn allegedly had a senior role in the Phobos ransomware group, overseeing a cryptocurrency wallet that collected payments from “affiliates,” or hackers who paid for access to the ransomware. The ransomware has been around since at least 2019, according to cybersecurity researchers.
The arrest of Ptitsyn is the latest example of an aggressive Justice Department effort to try to combat the scourge of ransomware, which has caused many millions of dollars in losses for American companies, schools and hospitals.
Cybercriminals extorted a record $1.1 billion in ransom payments from victim organizations around the world last year despite US government efforts to cut off their money flows, according to a report from crypto-tracking firm Chainalysis.