Phobos long-running ransomware-as-a-service operation and broad distribution
Threat Actor Meta
Summary
Hide ▲
Show ▼
Phobos remains a long-running ransomware-as-a-service operation linked to the Crysis family, with a broad affiliate ecosystem that has driven repeated intrusions worldwide. In March 2026, Evgenii Ptitsyn pleaded guilty to wire fraud conspiracy for his role in administering the operation, which the U.S. Department of Justice says collected more than $39 million from over 1,000 public and private entities. The case reinforces how Phobos used stolen credentials, data exfiltration, and encryption to extort victims across sectors and regions.
Related Happenings
Nidec Chaun Choung Technology hit by ransomware attack
Incident
H score49
First: 30.06.2026 12:41
Last: 30.06.2026 12:41
Sources 1
About this happening:
**Nidec Chaun Choung Technology** confirmed a **ransomware attack** that caused **ransomware-originated damage** to part of a server and forced emergency containment actions. The...
Nidec Chaun Choung Technology hit by ransomware attack
IncidentAbout this happening: **Nidec Chaun Choung Technology** confirmed a **ransomware attack** that caused **ransomware-originated damage** to part of a server and forced emergency containment actions. The...
Conti campaign expands across multiple victims
Campaign
H score38
First: 12.06.2026 20:54
Last: 12.06.2026 20:54
Sources 1
About this happening:
The **Conti ransomware operation** ran as a large-scale **2021-2022** extortion campaign that **stole data** and **encrypted devices** to pressure victims into paying **Bitcoin**....
Conti campaign expands across multiple victims
CampaignAbout this happening: The **Conti ransomware operation** ran as a large-scale **2021-2022** extortion campaign that **stole data** and **encrypted devices** to pressure victims into paying **Bitcoin**....
Europol-led AudiA6 crypto-laundering takedown
Law Enforcement
H score29
First: 11.06.2026 18:55
Last: 11.06.2026 18:55
Sources 1
About this happening:
**Law enforcement** dismantled **AudiA6**, a **cryptocurrency laundering service** used by **ransomware gangs** and other cybercriminal networks, in a **June 10, 2026** multinatio...
Europol-led AudiA6 crypto-laundering takedown
Law EnforcementAbout this happening: **Law enforcement** dismantled **AudiA6**, a **cryptocurrency laundering service** used by **ransomware gangs** and other cybercriminal networks, in a **June 10, 2026** multinatio...
U.S. sentencing of Deniss Zolotarjovs in Karakurt ransomware case
Law Enforcement
H score39
First: 05.05.2026 13:13
Last: 05.05.2026 13:13
Sources 1
About this happening:
**Deniss Zolotarjovs** was **sentenced to 8.5 years in prison** in the **United States** for serving as a **Karakurt ransomware** negotiator, resolving a cross-border cybercrime c...
U.S. sentencing of Deniss Zolotarjovs in Karakurt ransomware case
Law EnforcementAbout this happening: **Deniss Zolotarjovs** was **sentenced to 8.5 years in prison** in the **United States** for serving as a **Karakurt ransomware** negotiator, resolving a cross-border cybercrime c...
Tampa medical device company hit by ransomware attack linked to BlackCat (ALPHV)
Incident
H score45
First: 01.05.2026 10:47
Last: 01.05.2026 10:47
Sources 1
About this happening:
A **Tampa medical device company** suffered a **ransomware intrusion** in **May 2023** that encrypted its servers and triggered a **$10 million** ransom demand. The company later...
Tampa medical device company hit by ransomware attack linked to BlackCat (ALPHV)
IncidentAbout this happening: A **Tampa medical device company** suffered a **ransomware intrusion** in **May 2023** that encrypted its servers and triggered a **$10 million** ransom demand. The company later...
Timeline
-
05.03.2026 10:34 1 articles · 4mo ago
Evgenii Ptitsyn pleads guilty in Phobos ransomware case
Legal Policy Action UpdateEvgenii Ptitsyn pleaded guilty to wire fraud conspiracy for administering Phobos ransomware, a long-running RaaS operation linked to the Crysis ransomware family. The U.S. Department of Justice says Phobos collected more than $39 million in ransom payments from over 1,000 public and private entities worldwide, and Ptitsyn was extradited from South Korea in November 2024 before the plea.
Show sources
- Phobos ransomware admin pleads guilty to wire fraud conspiracy — www.bleepingcomputer.com — 05.03.2026 10:34
-
17.02.2026 13:31 2 articles · 4mo ago
Phobos long-running ransomware-as-a-service operation and broad distribution
Initial DisclosurePhobos operated as an affiliate-driven **RaaS** ecosystem with backend infrastructure and broad distribution across business targets worldwide.
Show sources
- Poland arrests suspect linked to Phobos ransomware operation — www.bleepingcomputer.com — 17.02.2026 13:31
- Poland arrests suspect linked to Phobos ransomware operation — www.bleepingcomputer.com — 17.02.2026 13:31