Polish authorities arrest alleged Phobos ransomware affiliate

The 47-year-old man, who was not identified, faces up to five years in prison for producing, obtaining and sharing computer programs used to conduct cyberattacks.
Emergency lights flashing on top of a Polish police car. (Getty Images)

Polish officials arrested a 47-year-old man accused of participating in ransomware attacks as an affiliate for the Phobos ransomware group, the country’s Central Bureau for Combating Cybercrime said Tuesday.

Authorities did not name the man who was arrested during a raid on his apartment in the Małopolskie province, but said he faces up to five years in prison for his alleged crimes.

The arrest is the latest in a series of coordinated law enforcement actions targeting people involved with Phobos ransomware attacks, which were also carried out by the 8base ransomware group. Polish officials said they identified the suspect through the “Phobos Aetor” operation, a Europol-led effort involving agencies across Europe, Asia and North America that took place in February 2025.

Officials accused the 47-year-old man of possessing credentials, credit card numbers and IP addresses for servers that may have been used to conduct various attacks. He also had tools that could breach servers and used encrypted messaging platforms to communicate with others linked to Phobos, police said. 

During the raid, police said they seized a computer and multiple mobile phones that were used to commit cyberattacks. The unnamed suspect was charged with producing, obtaining and sharing computer programs used to illegally obtain information stored on IT systems.

Phobos ransomware had claimed more than 1,000 victims globally and received more than $16 million in extortion payments by February 2025, according to the Justice Department. Victims of Phobos ransomware attacks, which date back to at least November 2020, include hospitals, schools, non-profit organizations, and a company that contracted with the Defense Department, officials said.

Malicious activity linked to Phobos significantly declined when Russian national Evgenii Ptitsyn, the alleged developer and administrator of Phobos ransomware, was extradited from South Korea to the United States in November 2024.

Ptitsyn, also known as “derxan” and “zimmermanx,” was charged with multiple counts of cybercrime, including wire fraud, wire fraud conspiracy, conspiracy to commit computer fraud and abuse, extortion in relation to hacking and causing intentional damage to protected computers. 

Pretrial motions for his case are due this week in the U.S. District Court of Maryland.

Written by Matt Kapko

Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University.
