No company too small for Phobos ransomware gang, indictment reveals


The US Department of Justice has charged a Russian national named Evgenii Ptitsyn with selling, operating, and distributing a ransomware variant known as “Phobos” during a four-year cybercriminal campaign that extorted at least $16 million from victims across the world.

The government’s indictment against Ptitsyn should dispel any notion that ransomware gangs only target the largest, richest, most robust corporations on the planet, as one Phobos affiliate allegedly extorted a Maryland-based healthcare provider out of just $2,300—possibly the lowest payment ever recorded. In a November 18 statement, Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department’s Criminal Division, stressed the wanton victim targeting by Ptitsyn’s ransomware network.

Read more…
Source: Malwarebytes Labs


Sign up for our Newsletter


Related:

  • Clop ransomware gang names dozens of victims hit by Cleo mass-hack, but several firms dispute breaches

    January 16, 2025

    The prolific Clop ransomware gang has named dozens of corporate victims it claims to have hacked in recent weeks after exploiting a vulnerability ​​in several popular enterprise file transfer products developed by U.S. software company Cleo. In a post on its dark web leak site, seen by TechCrunch, the Russia-linked Clop gang listed 59 organizations it ...

  • PlugX malware deleted from thousands of systems by FBI

    January 16, 2025

    The FBI says it has removed PlugX malware from thousands of infected computers worldwide. The move came after suspicion that cybercriminals groups under control of the People’s Republic of China (PRC) used a version of PlugX malware to control, and steal information from victims’ computers. PlugX has been around since at least 2008 but is under ...

  • UnitedHealth hid its Change Healthcare data breach notice for months

    January 15, 2025

    Change Healthcare, the UnitedHealth-owned health tech company that lost more than 100 million people’s sensitive health data in a ransomware attack last year, said on Tuesday that the company has “substantially” completed notifying affected individuals about the massive data breach. The February 2024 ransomware attack on Change Healthcare, one of the biggest processors of patient billing ...

  • Multi-Vector DDoS Attacks: What They Are and How to Stay Protected

    January 15, 2025

    Multi-vector DDoS attacks have emerged as one of the biggest challenges in cybersecurity today. The number of such incidents has been growing significantly year over year. In this article, we’ll break down what multi-vector attacks are, how they work, and why they’re such a pressing threat. As DDoS attacks evolve, it becomes increasingly difficult to combat ...

  • One Step Ahead in Cyber Hide-and-Seek: Automating Malicious Infrastructure Discovery With Graph Neural Networks

    January 13, 2025

    When launching and persisting attacks at scale, threat actors can inadvertently leave behind traces of information. They often reuse, rotate and share portions of their infrastructure when automating their campaign’s setup before launching an attack. Defenders can leverage this behavior by pivoting on a few known indicators to uncover newer infrastructure. This article describes the benefits ...

  • Nominet confirms cybersecurity incident linked to Ivanti VPN hacks

    January 13, 2025

    Nominet, the U.K. domain registry that maintains .co.uk domains, has experienced a cybersecurity incident that it confirmed is linked to the recent exploitation of a new Ivanti VPN vulnerability. In an email to customers, seen by TechCrunch, Nominet warned of an “ongoing security incident” under investigation. Nominet said hackers accessed its systems via “third-party VPN software ...