Polish Authorities Arrest Alleged Phobos Ransomware Affiliate
Law Enforcement Cracks Down on Phobos Ransomware Affiliate
A 47-year-old individual has been taken into custody by Polish authorities for allegedly participating in a string of ransomware attacks as an affiliate of the notorious Phobos group.
Arrest and Charges
The suspect, whose identity has not been disclosed, was apprehended during a raid on his residence in the Małopolskie province. He is facing up to five years’ imprisonment for his purported crimes.
International Cooperation
The arrest marks the latest in a series of coordinated efforts by law enforcement agencies to dismantle the Phobos ransomware operation, which has also been linked to the 8base ransomware group.
According to officials, the suspect was found in possession of sensitive information, including login credentials, credit card numbers, and IP addresses of servers that may have been used to carry out various attacks.
Seized Evidence
During the raid, law enforcement seized a computer and multiple mobile phones allegedly used to commit cyberattacks. The suspect has been charged with producing, obtaining, and sharing computer programs designed to illicitly obtain information stored on IT systems.
Phobos Ransomware
Phobos ransomware has claimed over 1,000 victims worldwide and has received more than $16 million in extortion payments as of February 2025, according to the Justice Department. The group’s victims include hospitals, schools, non-profit organizations, and a company contracted by the Defense Department.
Decline in Activity
The malicious activity associated with Phobos significantly decreased following the extradition of Russian national Evgenii Ptitsyn, the alleged developer and administrator of Phobos ransomware, from South Korea to the United States in November 2024.
Ptitsyn, also known by the aliases “derxan” and “zimmermanx,” has been charged with multiple counts of cybercrime, including wire fraud, wire fraud conspiracy, conspiracy to commit computer fraud and abuse, extortion in relation to hacking, and causing intentional damage to protected computers.
Upcoming Trial
His pretrial motions are scheduled to be heard this week in the U.S. District Court of Maryland.
