The US Department of Justice (DOJ) has cracked down on a cybercrime group affiliated with a sophisticated type of malware that helped them rack up more than $16 million in ransom payments.
Earlier this week, the DOJ unsealed criminal charges against Roman Berezhnoy and Egor Nikolaevich Glebov, two Russian nationals accused of operating a cybercrime group that used Phobos ransomware to attack more than 1,000 public and private entities.
The scheme. Between 2019 and 2024, Berezhnoy and Glebov, among others, allegedly obtained unauthorized access to their victims' computers through credential theft and other means in a bid to steal sensitive data. Once they gained access to the computers, the cybercrime group installed and deployed the Phobos ransomware to encrypt data found on the devices, making it inaccessible to the victims it belonged to.
The accused duo would then leave ransom notes, in the form of files on the compromised computers, requesting Bitcoin payments in order to decrypt the data, according to court documents. Berezhnoy and Glebov would follow up those files with emails or phone calls to victims threatening to sell or expose the stolen data if the payment was not made. The cyber group was also accused of using an account on X, formerly known as Twitter, to intimidate their victims, and a darknet website, where they would publish stolen data.
Victims of the cybergroup’s malicious activities include a Connecticut-based public school system, a Maryland-based law firm, and a Pennsylvania-based healthcare company.
Phobos on the rise. Phobos ransomware has continued to have a grip on the cybersecurity community since first surfacing in 2017. Last year, the FBI, CISA, and the Multi-State Information Sharing and Analysis Center released a joint cybersecurity advisory to inform the public of the indicators of compromise and tactics, techniques, and procedures associated with the ransomware.
The DOJ also unsealed charges against a Russian national for the “sale, distribution, and operation” of the sophisticated ransomware in November of last year.