AttackFeed by Joe Wagner | Polish authorities arrest alleged Phobos ransomware affiliate  - CyberScoop

Polish authorities arrest alleged Phobos ransomware affiliate  – CyberScoop

Posted on By Matt Kapko
Attack Feeds

Polish officials arrested a 47-year-old man accused of participating in ransomware attacks as an affiliate for the Phobos ransomware group, the country’s Central Bureau for Combating Cybercrime said Tuesday.

Authorities did not name the man who was arrested during a raid on his apartment in the Małopolskie province, but said he faces up to five years in prison for his alleged crimes.

The arrest is the latest in a series of coordinated law enforcement actions targeting people involved with Phobos ransomware attacks, which were also carried out by the 8base ransomware group. Polish officials said they identified the suspect through the “Phobos Aetor” operation, a Europol-led effort involving agencies across Europe, Asia and North America that took place in February 2025.

Officials accused the 47-year-old man of possessing credentials, credit card numbers and IP addresses for servers that may have been used to conduct various attacks. He also had tools that could breach servers and used encrypted messaging platforms to communicate with others linked to Phobos, police said. 

During the raid, police said they seized a computer and multiple mobile phones that were used to commit cyberattacks. The unnamed suspect was charged with producing, obtaining and sharing computer programs used to illegally obtain information stored on IT systems.

Phobos ransomware had claimed more than 1,000 victims globally and received more than $16 million in extortion payments by February 2025, according to the Justice Department. Victims of Phobos ransomware attacks, which date back to at least November 2020, include hospitals, schools, non-profit organizations, and a company that contracted with the Defense Department, officials said.

Malicious activity linked to Phobos significantly declined when Russian national Evgenii Ptitsyn, the alleged developer and administrator of Phobos ransomware, was extradited from South Korea to the United States in November 2024.

Ptitsyn, also known as “derxan” and “zimmermanx,” was charged with multiple counts of cybercrime, including wire fraud, wire fraud conspiracy, conspiracy to commit computer fraud and abuse, extortion in relation to hacking and causing intentional damage to protected computers. 

Pretrial motions for his case are due this week in the U.S. District Court of Maryland.

The post Polish authorities arrest alleged Phobos ransomware affiliate appeared first on CyberScoop.

  –

Read More  – CyberScoop 

You may also like

AttackFeed by Joe Wagner | Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions  - The Hacker News
Attack Feeds
Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions  – The Hacker News
May 8, 2026
AttackFeed by Joe Wagner | New DHL Phishing Scam Uses 11-Step Attack Chain to Steal Passwords  - Hackread – Cybersecurity News, Data Breaches, AI and More
Attack Feeds
New DHL Phishing Scam Uses 11-Step Attack Chain to Steal Passwords  – Hackread – Cybersecurity News, Data Breaches, AI and More
April 28, 2026
AttackFeed by Joe Wagner | Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access  - The Hacker News
Attack Feeds
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access  – The Hacker News
May 22, 2026
AttackFeed by Joe Wagner | Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices  - The Hacker News
Attack Feeds
Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices  – The Hacker News
April 8, 2026