Find notable cyber news and cases, enriched with sources, timelines, and signals.

Phobos long-running ransomware-as-a-service operation and broad distribution

Threat Actor Meta
First reported
Last updated
Happening score
H score 44
1 unique sources, 2 articles

Summary

Hide ▲

Phobos remains a long-running ransomware-as-a-service operation linked to the Crysis family, with a broad affiliate ecosystem that has driven repeated intrusions worldwide. In March 2026, Evgenii Ptitsyn pleaded guilty to wire fraud conspiracy for his role in administering the operation, which the U.S. Department of Justice says collected more than $39 million from over 1,000 public and private entities. The case reinforces how Phobos used stolen credentials, data exfiltration, and encryption to extort victims across sectors and regions.

Related Happenings

Nidec Chaun Choung Technology hit by ransomware attack

Incident
H score49 First: 30.06.2026 12:41 Last: 30.06.2026 12:41 Sources 1

About this happening: **Nidec Chaun Choung Technology** confirmed a **ransomware attack** that caused **ransomware-originated damage** to part of a server and forced emergency containment actions. The...

Conti campaign expands across multiple victims

Campaign
H score38 First: 12.06.2026 20:54 Last: 12.06.2026 20:54 Sources 1

About this happening: The **Conti ransomware operation** ran as a large-scale **2021-2022** extortion campaign that **stole data** and **encrypted devices** to pressure victims into paying **Bitcoin**....

Europol-led AudiA6 crypto-laundering takedown

Law Enforcement
H score29 First: 11.06.2026 18:55 Last: 11.06.2026 18:55 Sources 1

About this happening: **Law enforcement** dismantled **AudiA6**, a **cryptocurrency laundering service** used by **ransomware gangs** and other cybercriminal networks, in a **June 10, 2026** multinatio...

U.S. sentencing of Deniss Zolotarjovs in Karakurt ransomware case

Law Enforcement
H score39 First: 05.05.2026 13:13 Last: 05.05.2026 13:13 Sources 1

About this happening: **Deniss Zolotarjovs** was **sentenced to 8.5 years in prison** in the **United States** for serving as a **Karakurt ransomware** negotiator, resolving a cross-border cybercrime c...

Tampa medical device company hit by ransomware attack linked to BlackCat (ALPHV)

Incident
H score45 First: 01.05.2026 10:47 Last: 01.05.2026 10:47 Sources 1

About this happening: A **Tampa medical device company** suffered a **ransomware intrusion** in **May 2023** that encrypted its servers and triggered a **$10 million** ransom demand. The company later...

Timeline

  1. 05.03.2026 10:34 1 articles · 4mo ago

    Evgenii Ptitsyn pleads guilty in Phobos ransomware case

    Legal Policy Action Update

    Evgenii Ptitsyn pleaded guilty to wire fraud conspiracy for administering Phobos ransomware, a long-running RaaS operation linked to the Crysis ransomware family. The U.S. Department of Justice says Phobos collected more than $39 million in ransom payments from over 1,000 public and private entities worldwide, and Ptitsyn was extradited from South Korea in November 2024 before the plea.

    Show sources
  2. 17.02.2026 13:31 2 articles · 4mo ago

    Phobos long-running ransomware-as-a-service operation and broad distribution

    Initial Disclosure

    Phobos operated as an affiliate-driven **RaaS** ecosystem with backend infrastructure and broad distribution across business targets worldwide.

    Show sources