Russian Mastermind Behind Phobos Ransomware Extradited to U.S. for Major Cybercrime Trial

November 18, 2024
  • Between May and November 2024, Phobos accounted for approximately 11% of all ransomware submissions to the ID Ransomware service, indicating its prevalence in the cybercrime landscape.

  • Court documents reveal that Ptitsyn and his co-conspirators developed the Phobos ransomware, which they began distributing to affiliates in November 2020.

  • Ptitsyn is alleged to have played a senior role in the Phobos operation, managing a cryptocurrency wallet used for collecting ransom payments.

  • The Phobos ransomware group is accused of extorting over $16 million from more than 1,000 victims worldwide, targeting critical sectors such as government, healthcare, and education.

  • Victims were coerced into paying ransoms through threats of public exposure of their stolen files, with payments funneled through unique cryptocurrency wallets managed by Ptitsyn.

  • The group ran a ransomware-as-a-service (RaaS) model, allowing affiliates to use the ransomware for a fee, with decryption keys sold for amounts ranging from $12,000 to $300,000.

  • Ptitsyn's arrest is part of ongoing efforts by the U.S. Justice Department to combat ransomware, which has caused significant financial losses to American businesses and institutions.

  • His extradition was made possible through international cooperation among law enforcement agencies from multiple countries, including the U.S., South Korea, and several European nations.

  • Despite U.S. government initiatives to disrupt cybercrime, 2023 saw a record $1.1 billion extorted globally, underscoring the challenges faced in combating such operations.

  • Evgenii Ptitsyn, a 42-year-old Russian national, has been extradited from South Korea to the United States to face serious cybercrime charges linked to the Phobos ransomware operation.

  • He faces a 13-count indictment that includes charges of wire fraud conspiracy, extortion, and multiple counts of intentional damage to protected computers, potentially leading to over 100 years in prison if convicted.

  • Notable victims of the Phobos ransomware include a children's hospital in North Carolina and a public school system in California, highlighting the operation's extensive impact.

Summary based on 9 sources

