Russian suspected Phobos ransomware admin extradited to US over $16M extortion

November 19, 2024 at 04:59PM Evgenii Ptitsyn, a Russian citizen, was extradited from South Korea to the U.S. for his role in the Phobos ransomware operation, accused of extorting over $16 million from victims. Facing 13 charges, he provided technical support to criminals using the malware. If convicted, he could face over 100 years in …

‘Phobos’ Ransomware Cybercriminal Extradited From South Korea

November 19, 2024 at 01:21PM Russian cybercriminal Evgenii Ptitsyn, 42, appeared in a Maryland court after extradition from South Korea. He faces charges for operating the Phobos ransomware, allegedly extorting over $16 million from more than 1,000 victims globally. He could face significant prison time if convicted on multiple counts, including wire fraud and extortion. …

US charges Phobos ransomware admin after South Korea extradition

November 18, 2024 at 02:51PM Evgenii Ptitsyn, a Russian suspected of leading the Phobos ransomware operation, has been extradited from South Korea to the U.S. He faces multiple cybercrime charges for his involvement in extorting over $16 million from more than 1,000 entities by coordinating ransomware attacks since November 2020. …

Volkswagen monitoring data dump threat from 8Base ransomware crew

October 16, 2024 at 05:39PM The 8Base ransomware group claims to have stolen extensive confidential files from Volkswagen and plans to publish them. A spokesperson for Volkswagen stated they are not affected and are monitoring the situation. This incident follows previous data theft issues involving the company. No ransom demand has been confirmed. …

EquiLend Ransomware Attack Leads to Data Breach

March 12, 2024 at 09:51AM EquiLend has notified employees of a data breach resulting from a January 2024 ransomware attack. The company restored client-facing services by February 5 but recently disclosed the breach’s scope to the Massachusetts OCABR. Personal data, including Social Security numbers and payroll information, was compromised. EquiLend is providing impacted individuals with …

Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure

March 4, 2024 at 12:36AM U.S. cybersecurity agencies have issued warnings about Phobos ransomware targeting government and critical infrastructure entities. The ransomware, operated under a ransomware-as-a-service model, has targeted various sectors and has earned millions in ransom. The attackers use various tactics and have been actively targeting entities since May 2019, posing a significant ongoing …

Critical Infrastructure Organizations Warned of Phobos Ransomware Attacks

March 1, 2024 at 08:57AM US government agencies issued a warning about ongoing Phobos ransomware attacks targeting critical infrastructure sectors. Operating since May 2019, Phobos employs a ransomware-as-a-service (RaaS) model, with tactics such as phishing emails, IP scanning, and use of remote access tools. Recommendations for mitigations and indicators of compromise are provided. From the …

#StopRansomware: Phobos Ransomware

February 29, 2024 at 10:42AM The joint Cybersecurity Advisory (CSA) highlights the Phobos ransomware threat, observed as recently as February 2024. It describes the ransomware’s tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and provides recommendations from the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information …

Ransomware Attack Knocks 100 Romanian Hospitals Offline

February 13, 2024 at 06:33AM A file-encrypting ransomware attack on the Hipocrate Information System (HIS) in Romania has led to data encryption in 26 hospitals. As a result, hospitals are resorting to pen and paper for record keeping. The attackers have demanded a 3.5 Bitcoin ransom, but DNSC advises against paying. Affected facilities are following …

8Base Group Deploying New Phobos Ransomware Variant via SmokeLoader

November 18, 2023 at 07:00AM Cisco Talos has discovered that the 8Base ransomware group is using a variant of the Phobos ransomware in its attacks. The malware is distributed through the SmokeLoader backdoor trojan, and the group has been active at least since March 2022. The findings also reveal the methods and characteristics of the …