« Information Technology
  

Alleged Ransomware Administrator Extradited from South Korea

The Phobos ransomware has been used globally to target over 1,000 organizations, including healthcare.

By Jeff Wardon, Jr., Assistant Editor


Charges have been unsealed by the U.S. Justice Department against Evgenii Ptitsyn, a 42-year-old Russian national accused of using and distributing the Phobos ransomware, according to a press release. The ransomware has been used globally to target over 1,000 organizations, including healthcare, and has extorted more than $16 million. 

Prosecutors allege that from 2020 onward, Ptitsyn and cohorts sold Phobos ransomware via a site on the dark web, allowing affiliates to encrypt victims’ data and demand payment for decryption keys, according to the Justice Department. They also threatened to leak sensitive data if ransom payments weren’t made. Ptitsyn also allegedly oversaw payments through cryptocurrency wallets linked to these operations. He is being extradited from South Korea and faces 13 charges, including wire fraud, computer hacking and extortion. 

Related: Healthcare Facilities Alerted of 'Scattered Spider' Cyber Threat

A variant of the Phobos ransomware called “Backmydata” was used in a February 2024 cyberattack that took 100 Romanian healthcare facilities offline, according to The HIPAA Journal. Additionally, the group behind Phobos is known to utilize double extortion tactics, in which cybercriminals take systems offline and hold the data for ransom while also stealing data and threatening to leak it out. This can put pressure on healthcare organizations to pay out. 

Paying the ransom doesn’t guarantee the affected organizations will get their data back, though, according to the FBI. It also emboldens cybercriminals to continue their operations by targeting more potential victims. 

In addition, the FBI recommends these actions to stay safe from ransomware: 

  • Update operating systems, software and applications routinely. 
  • Ensure that antivirus and antimalware programs are set up to automatically update and run routine scans. 
  • Back up data regularly, and check to make sure they’re completed. 
  • Secure backups, and make sure they’re not connected to the devices or networks they’re backing up 
  • Create a response plan in case the organization becomes the victim of a ransomware attack. 

Jeff Wardon, Jr., is the assistant editor for the facilities market. 



November 21, 2024


Topic Area: Information Technology , Security

Recent Posts

Grounding Healthcare Spaces in Hospitality Principles

Thoughtful design can establish the calm of a spa and the restorative feeling of a resort in healthcare spaces, bringing benefits for patients and care providers.

UC Davis Health Selects Rudolph and Sletten for Central Utility Plant Expansion

Work is already underway with substantial completion anticipated in the fall of 2027.

Cape Cod Healthcare Opens Upper 2 Floors of Edwin Barbey Patient Care Pavilion

The first two floors opened for patients in May 2025 and house the Davenport-Mugar Cancer Center.

Building Sustainable Healthcare for an Aging Population

Traditional responses — building more primary and secondary care facilities — are no longer sustainable.

Froedtert ThedaCare Announces Opening of ThedaCare Medical Center-Oshkosh

The organization broke ground on the health campus in March 2024.

 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.