SHARE

Alleged Russian Ransomware Mastermind Extradited From South Korea To Maryland

A Russian national accused of running a global ransomware operation that extorted more than $16 million from victims worldwide has been extradited from South Korea to Maryland to face federal charges, authorities announced.

"Ransomware attacks that target critical infrastructure services, such as health care facilities and government agencies, are a threat to our national security," U.S. Attorney for New Jersey Philip Sellinger said.

"Ransomware attacks that target critical infrastructure services, such as health care facilities and government agencies, are a threat to our national security," U.S. Attorney for New Jersey Philip Sellinger said.

Photo Credit: fbi.gov

Evgenii Ptitsyn, 42, is charged with operating and administering the sale, distribution, and deployment of the notorious Phobos ransomware, which targeted over 1,000 public and private organizations globally, including schools, hospitals, and critical infrastructure. 

Ptitsyn made his first appearance in U.S. District Court for the District of Maryland earlier this month.

“It’s only a matter of time—cybercriminals will be caught and brought to justice,” US Attorney Erek Barron for the District of Maryland stated. “Ptitsyn allegedly facilitated the global use of a devastating ransomware strain to attack organizations essential to everyday life. 

"We are committed to bringing such offenders to justice and working with partners to stop these crimes before they happen.”

The indictment paints Ptitsyn as the mastermind behind a complex international cybercrime scheme that used Phobos ransomware to hack into victims’ networks, encrypt data, and demand cryptocurrency payments for decryption keys. 

Prosecutors allege Ptitsyn and his co-conspirators operated a darknet marketplace to sell access to the ransomware to other criminals, or “affiliates.”

The affiliates, according to the DOJ, hacked victims’ systems using stolen credentials, encrypted sensitive data, and left ransom notes demanding payment in cryptocurrency. 

They also threatened to leak the stolen data unless the victims complied. 

Affiliates then paid fees to Ptitsyn and other administrators for decryption keys, with payments processed through unique cryptocurrency wallets tied to each attack.

Between December 2021 and April 2024, authorities allege Ptitsyn funneled millions in ransom proceeds from these wallets into his own accounts.

“The indictment alleges that Ptitsyn and his co-conspirators ran one of the most widespread ransomware groups, targeting everyone from large corporations to schools and hospitals,” Nicole M. Argentieri, Principal Deputy Assistant Attorney General for the Justice Department’s Criminal Division addeed.

Deputy AG Lisa Monaco praised the joint effort, calling it a “testament to the ingenuity and determination of law enforcement worldwide.”

Ptitsyn now faces a 13-count federal indictment, including charges of wire fraud, conspiracy, computer hacking, and extortion. 

Each wire fraud count carries up to 20 years in prison, while other charges bring additional decades of potential prison time.

“Ransomware is more than an inconvenience—it’s a threat to health, safety, and national security,” said FBI Baltimore Special Agent in Charge William J. DelBagno. “This extradition sends a clear message: cybercriminals will be found and held accountable, no matter how far they try to run.”

Want breaking news in the DMV as it happens, or want to contribute? Join the DMV All Incidents Facebook group.

to follow Daily Voice Crofton and receive free news updates.

SCROLL TO NEXT ARTICLE