The U.S. Department of Justice has unveiled criminal charges against Roman Berezhnoy, 33, and Egor Nikolaevich Glebov, 39, both Russian nationals. They are accused of operating a cybercrime group that used the Phobos ransomware to target over 1,000 public and private entities globally, securing more than $16 million in ransom payments. The arrests were part of an international effort to dismantle their organization, which included additional arrests and technical disruptions.
From May 2019 to at least October 2024, Berezhnoy and Glebov allegedly inflicted financial losses on victims by denying them access to their data unless ransoms were paid. Their targets included a children's hospital, healthcare providers, and educational institutions.
Court documents reveal that Berezhnoy and Glebov ran a ransomware affiliate organization under names like "8Base" and "Affiliate 2803." They allegedly infiltrated victim networks, stole files, encrypted original data with Phobos ransomware, and demanded ransom for decryption keys. If ransoms weren't paid, they threatened to release stolen files publicly or to the victims' clients.
The conspirators reportedly operated a darknet site where they issued threats and published stolen data if ransoms went unpaid. After successful attacks, affiliates paid fees for decryption keys linked to unique alphanumeric strings associated with each attack.
These charges follow the arrest and extradition of Evgenii Ptitsyn on related charges concerning his alleged role in administering the Phobos ransomware variant.
Europol and German authorities have announced an international operation involving the FBI to disrupt over 100 servers connected to this criminal network.
Berezhnoy and Glebov face an 11-count indictment that includes wire fraud conspiracy, computer fraud conspiracy, intentional damage to protected computers, extortion related to computer damage, transmitting threats regarding stolen data confidentiality, and unauthorized access to protected computers. If convicted on the wire fraud-related counts alone, they could face up to 20 years in prison per count; other counts carry penalties ranging from five to ten years each.
The announcement was made by Erek L. Barron of Maryland's U.S. Attorney's Office, Antoinette T. Bacon of the Justice Department's Criminal Division, and William J. DelBagno of the FBI Baltimore Field Office.
The FBI Baltimore Field Office is leading the investigation, with support from international partners across several countries. Europol and the U.S. Department of Defense Cyber Crime Center, among others, provided crucial cooperation during the probe into Phobos ransomware activities.
Assistant U.S. Attorney Thomas M. Sullivan and Senior Counsel Aarash A. Haghighat are prosecuting the case, while former CCIPS Trial Attorney Riane Harper and former Assistant U.S. Attorneys Aaron S.J. Zelinsky and Jeffrey J. Izant offered substantial assistance throughout the proceedings.
Further information about protecting networks against such threats can be found at StopRansomware.gov.
An indictment is only an allegation. Guilt must be proven beyond a reasonable doubt in court proceedings.