Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Phobos long-running ransomware-as-a-service operation and broad distribution

Threat Actor Meta
First reported
Last updated
Happening score
H score 21
1 unique sources, 2 articles

Summary

Hide ▲

Phobos remains a long-running ransomware-as-a-service operation linked to the Crysis family, with a broad affiliate ecosystem that has driven repeated intrusions worldwide. In March 2026, Evgenii Ptitsyn pleaded guilty to wire fraud conspiracy for his role in administering the operation, which the U.S. Department of Justice says collected more than $39 million from over 1,000 public and private entities. The case reinforces how Phobos used stolen credentials, data exfiltration, and encryption to extort victims across sectors and regions.

Related Happenings

U.S. sentencing of Deniss Zolotarjovs in Karakurt ransomware case

Law Enforcement
First: 05.05.2026 13:13 Last: 05.05.2026 13:13 Sources 1

About this happening: **Deniss Zolotarjovs** was **sentenced to 8.5 years in prison** in the **United States** for serving as a **Karakurt ransomware** negotiator, resolving a cross-border cybercrime c...

Open Happening

Tampa medical device company hit by ransomware attack linked to BlackCat (ALPHV)

Incident
First: 01.05.2026 10:47 Last: 01.05.2026 10:47 Sources 1

About this happening: A **Tampa medical device company** suffered a **ransomware intrusion** in **May 2023** that encrypted its servers and triggered a **$10 million** ransom demand. The company later...

Open Happening

BlackCat campaign expands across multiple victims

Campaign
First: 22.04.2026 14:00 Last: 22.04.2026 14:00 Sources 1

About this happening: The **BlackCat** ransomware operation ran a **multi-victim extortion campaign** against **US organizations** between **April and November 2023**, creating sustained ransom pressur...

Latest development: 01.05.2026 14:30

Ryan Goldberg and Kevin Martin were each sentenced to four years in prison for helping the BlackCat/ALPHV ransomware gang conduct attacks against multiple U.S. organizations during 2023. Prosecutors said the pair worked alongside Angelo Martino, paid BlackCat administrators a 20% share of ransom payments, and in one case received a Bitcoin ransom worth $1.2m while also leaking patient data from a healthcare victim.

Open Happening

Ilya Angelov sentencing in BitPaymer botnet case

Law Enforcement
First: 25.03.2026 10:47 Last: 25.03.2026 10:47 Sources 1

About this happening: **Ilya Angelov** was sentenced to **two years in prison** for managing a phishing botnet tied to **BitPaymer ransomware** attacks against **72 U.S. companies**. The sentence close...

Open Happening

Aleksei Volkov Indiana sentencing in ransomware case

Law Enforcement
First: 24.03.2026 12:32 Last: 24.03.2026 12:32 Sources 1

About this happening: **Aleksei Volkov** was **sentenced** in **Indiana** to **81 months** for his role as an **initial access broker** in a **ransomware** case, closing a major US cybercrime prosecuti...

Open Happening

Timeline

  1. 05.03.2026 10:34 1 articles · 2mo ago

    Evgenii Ptitsyn pleads guilty in Phobos ransomware case

    Legal Policy Action Update

    Evgenii Ptitsyn pleaded guilty to wire fraud conspiracy for administering Phobos ransomware, a long-running RaaS operation linked to the Crysis ransomware family. The U.S. Department of Justice says Phobos collected more than $39 million in ransom payments from over 1,000 public and private entities worldwide, and Ptitsyn was extradited from South Korea in November 2024 before the plea.

    Show sources
    Open in new tab
  2. 17.02.2026 13:31 2 articles · 3mo ago

    Phobos long-running ransomware-as-a-service operation and broad distribution

    Initial Disclosure

    Phobos operated as an affiliate-driven **RaaS** ecosystem with backend infrastructure and broad distribution across business targets worldwide.

    Show sources
    Open in new tab