The U.S. DOJ has unsealed charges against Russian cybercriminals Roman Berezhnoy and Egor Nikolaevich Glebov, key figures behind the Phobos ransomware group, which extorted over $16 million from more than 1,000 victims worldwide. Their arrests were part of a coordinated international operation, including the takedown of 100+ servers used by the ransomware network.
Key Points:
- Phobos ransomware targeted hospitals, schools, and businesses since 2019.
- Hackers stole and encrypted victims’ data, demanding ransom for decryption.
- Darknet extortion: Threatened to leak stolen data if victims refused to pay.
- Criminals operated as “8Base” and “Affiliate 2803”, part of Phobos ransomware syndicate.
- Massive takedown: FBI, Europol, and 10+ countries dismantled Phobos infrastructure.
- Berezhnoy & Glebov were arrested this week as part of a coordinated international disruption of their organization, they face 20+ years in prison for wire fraud, hacking, and extortion.
Short Case Narrative:
A major blow has been dealt to the Phobos ransomware syndicate, with the arrests of two Russian hackers, Roman Berezhnoy and Egor Glebov. Operating since 2019, they attacked over 1,000 victims globally, including hospitals and schools, using Phobos ransomware to lock data and demand payment. Victims who refused to pay faced public exposure of their sensitive files.
The cybercriminals ran a darknet extortion site, where they publicly released stolen data if victims didn’t comply. As part of the Phobos network, they worked under aliases like “8Base” and “Affiliate 2803.” Their $16M ransomware operation came to a halt this week as international law enforcement dismantled 100+ servers and arrested key members.
The crackdown follows the recent arrest and extradition of Phobos administrator Evgenii Ptitsyn, signaling that authorities are systematically hunting down the entire network. The DOJ has charged Berezhnoy and Glebov with 11 counts, including wire fraud, hacking, and extortion, each carrying up to 20 years in prison.
Actionable Insight:
The Phobos takedown highlights increasing global coordination against ransomware gangs. However, cybercriminals continue to evolve, and new groups quickly fill the void. Companies must enhance cybersecurity, conduct regular backups, and monitor darknet activity to stay ahead of emerging threats.
Call for Information:
Do you have insights on Phobos ransomware operations, 8Base, or other cyber extortion groups? Have you been affected by darknet data leaks? FinTelegram wants to hear from you! Your intel remains confidential.
