Russian suspected Phobos ransomware admin extradited to US over $16M extortion
A Russian citizen has been extradited from South Korea to the United States to face charges related to his alleged role in the Phobos ransomware operation.
According to American prosecutors [PDF], since November 2020 the Phobos crew let criminals use its Windows ransomware for free to infect others, then charged those crooks $300 per decryption key, which were then resold to victims for amounts determined by the intruders.
The amount of ransom these extortionists were demanding was relatively small - between $12,000 to $300,000 per victim - though the Feds claim that in total the code was used to extort around $16 million from organizations and that it was Ptitsyn who provided crucial technical support.
"Each deployment of Phobos ransomware was assigned a unique alphanumeric string in order to match it to the corresponding decryption key, and each affiliate was directed to pay the decryption key fee to a cryptocurrency wallet unique to that affiliate," the US Justice Dept said in a statement this week.
"From December 2021 to April 2024, the decryption key fees were then transferred from the unique affiliate cryptocurrency wallet to a wallet controlled by Ptitsyn," it is claimed.
/cloudfront-us-east-2.images.arcpublishing.com/reuters/WH6YZXYGUVPP3EGR3KFXLDHZ2Q.jpg)
