RUSSIAN national Evgenii Ptitsyn, 43, pleaded guilty in the United States to wire fraud conspiracy for his role in the Phobos ransomware operation, and faces a maximum penalty of 20 years in prison with sentencing set for July 15. According to the DoJ, the Phobos operation targeted over 1,000 public and private entities in the United States and worldwide, extorting more than $16 million in ransom payments, with Ptitsyn allegedly involved in development, sale, distribution and operations of the ransomware.
Ptitsyn and others allegedly ran an international hacking scheme since November 2020, deploying Phobos ransomware to extort victims, and Ptitsyn reportedly sold the ransomware on darknet forums under aliases such as “derxan” and “zimmermanx,” enabling other criminals to encrypt data and demand ransom. The group used a ransomware-as-a-service model to distribute to a network of affiliates, who paid fees to administrators for decryption keys, with payments routed via cryptocurrency wallets from 2021–2024.
In February 2025, the U.S. Justice Department unsealed charges against Russian nationals Roman Berezhnoy and Egor Glebov for operating a Phobos ransomware group, and Polish authorities arrested a 47-year-old man linked to the operation in February, with charges including creating and distributing tools for unlawful access to computer systems, punishable by up to five years in prison.