Two Russian men have been charged over a ransomware scheme that targeted 1,000 public and private organisations around the world.
The US Justice Department has unsealed criminal charges against Roman Berezhnoy (33) and Egor Nikolaevich Glebov (39).
They are accused of running a cybercrime group that used the Phobos ransomware to target public and private organizations across the globe.
The group allegedly received more than $16 million in ransom payments from victims, including hospitals, healthcare providers, and schools.
A Global Operation
Berezhnoy and Glebov were arrested this week as part of an international effort to disrupt the alleged criminal network.
The Justice Department says the operation involved cooperation between law enforcement agencies from several countries, including the FBI, Europol, and authorities from Germany, the UK, Japan, and more.
From May 2019 until at least October 2024, the group are alleged to have used ransomware to cause significant damage to their victims
The group allegedly:
- Hacked into computer networks
- Stole files and data
- Encrypted the stolen data with Phobos ransomware
- Demanded ransom payments in exchange for decryption keys to restore access
Victims were often threatened with the public release of their stolen files if they didn’t comply.
The criminals are also said to have operated a darknet website where they published stolen data.
How the Phobos Ransomware Worked
Phobos ransomware was the key tool used by the cybercriminals. After an attack, criminal affiliates paid a fee to receive a decryption key, which allowed victims to unlock their encrypted files.
Each attack had a unique identifier tied to its decryption key, and payments were processed through cryptocurrency wallets.
The group’s affiliate structure allowed others to carry out ransomware attacks, paying a share of the ransom for the decryption keys.
The Justice Department’s indictment against Berezhnoy and Glebov details a coordinated effort to extort money from both large organizations and small businesses.
Hiring? Post jobs for free with WhatJobs
Charges and Potential Penalties
The charges against the two suspects include:
- Wire fraud conspiracy
- Computer fraud and abuse
- Extortion related to computer damage
- Unauthorized access to protected computer data
Each of the wire fraud-related charges could result in a 20-year prison sentence, with additional sentences for the other charges. A federal district court judge will determine sentencing after considering various factors.
Ongoing Global Effort to Tackle Cybercrime
The disruption of the Phobos ransomware group marks a significant step in the fight against international cybercrime. US law enforcement, in collaboration with global partners, continues to target and dismantle ransomware operations.
International cooperation has been critical to the success of this investigation, with numerous countries joining forces to fight cyber threats.
In addition to the recent arrests of Berezhnoy and Glebov, the US authorities have acknowledged the vital role played by other nations and organizations in tackling this issue.
Need Career Advice? Get employment skills advice at all levels of your career
The Future of Cybercrime Prevention
With ransomware attacks becoming more sophisticated, authorities worldwide are increasingly focused on disrupting these networks.
As technology evolves, so too will the methods used by cybercriminals. Continued collaboration among law enforcement agencies is essential to stay ahead of these threats and safeguard sensitive data worldwide.
The case of Berezhnoy and Glebov is a reminder of the global reach of cybercrime and the ongoing efforts to hold perpetrators accountable.
As international law enforcement agencies continue to work together, the hope is that these coordinated actions will lead to a reduction in ransomware attacks and better protection for businesses and individuals.
