Poland Arrests Suspect Linked to Phobos Ransomware Operation


Polish Authorities Apprehend Suspect Linked to Phobos Ransomware Operation

In a significant development in the fight against cybercrime, Polish law enforcement agencies have arrested a 47-year-old individual suspected of involvement with the Phobos ransomware group.

Operation Aether

The suspect was taken into custody in the Małopolska region as part of “Operation Aether,” a collaborative effort coordinated by Europol to dismantle the Phobos ransomware infrastructure and apprehend its affiliates.

During a search of the suspect’s residence, investigators from the Central Bureau of Cybercrime Control (CBZC) and the District Prosecutor’s Office in Gliwice seized computers and mobile devices containing sensitive data, including stolen credentials, credit card numbers, and server access information.

This data could be used to facilitate unauthorized access to computer systems and conduct ransomware attacks.

Investigation and Charges

Further investigation revealed that the suspect had utilized encrypted messaging applications to communicate with the Phobos cybercrime organization.

The CBZC stated that the seized data could be used to carry out various attacks, including ransomware, and that the suspect’s actions were in violation of Poland’s Criminal Code.

If convicted, the suspect faces a maximum prison sentence of five years for producing, acquiring, and distributing computer programs designed to unlawfully obtain information stored in IT systems.

Phobos Ransomware Operation

The Phobos ransomware operation, derived from the Crysis ransomware family, has been responsible for numerous attacks on businesses worldwide.

Between May 2024 and November 2024, Phobos ransomware accounted for approximately 11% of all submissions to the ID Ransomware service.

The U.S. Justice Department has linked this ransomware gang to breaches at over 1,000 public and private entities worldwide, with ransom payments totaling more than $16 million.

Operation Aether Outcomes

Operation Aether has targeted Phobos-linked individuals at multiple levels of the operation, including backend infrastructure operators and affiliates involved in network intrusions and data encryption.

The operation has resulted in several key outcomes, including the extradition of the alleged Phobos administrator to the United States in November 2024 and the disruption of the group’s activities in February 2025, when police seized 27 servers and arrested two suspected affiliates in Phuket, Thailand.

Additionally, another key Phobos affiliate was arrested in Italy in 2023, further weakening the cybercriminal network behind the ransomware group.

As a result of Operation Aether, law enforcement agencies were able to warn over 400 companies worldwide of ongoing or imminent ransomware attacks.

Related Development

In a related development, the Japanese police released a Phobos and 8Base ransomware decryptor in July 2025, allowing victims to recover their files for free.

This collaborative effort demonstrates the effectiveness of international cooperation in combating cybercrime and disrupting the operations of ransomware groups like Phobos.


