A 47-year-old man arrested by police in Poland for allegedly being involved in cybercriminal activities has been linked to the Phobos ransomware operation. According to Poland’s Central Cybercrime Bureau, officers found hacking tools, credentials, payment card numbers, and server IP addresses on the unnamed suspect’s devices during a search, and they discovered that he had exchanged messages with the Phobos ransomware group.
While authorities have not shared details about his potential role, the bureau’s briefing suggests he may have been an affiliate rather than an operator. The Phobos ransomware-as-a-service operation emerged in 2019, and the international law enforcement operation involved infrastructure takedowns and arrests of several Russian nationals believed to be key members and affiliates of the cybercrime gang.
According to authorities, more than 1,000 organizations worldwide have been targeted in Phobos attacks and the criminals are believed to have obtained over $16 million in ransom payments.