Russian national Evgenii Ptitsyn pleaded guilty to running the Phobos ransomware outfit that extorted more than $39 million from more than 1,000 victims globally, the Justice Department said Wednesday.Ptitsyn assumed a leadership role in the Phobos ransomware group in January 2022, yet his criminal activities began by April 2019, according to court records. He continued leading the cybercrime syndicate until May 2024 when he was arrested in South Korea. Ptitsyn was extradited to the United States in November 2025.Federal prosecutors dropped multiple charges against Ptitsyn as part of a plea agreement he signed last month. He faces up to 20 years in prison for wire fraud conspiracy.Ptitsyn agreed to forfeit $1.77 million in assets and is required to pay at least $39.3 million in restitution, representing the full amount of his victims’ losses.The 43-year-old pleaded guilty to engaging in a global ransomware scheme with co-conspirators beginning in November 2020. Ptitsyn and alleged associates distributed Phobos ransomware to other co-conspirators who broke into victim networks, often with stolen credentials, to steal and encrypt data, which they used to extort victims for payment.Phobos ransomware administrators operated a site to coordinate the sale and distribution of Phobos ransomware to co-conspirators. Affiliates who successfully attacked victims with the ransomware paid $300 to administrators for a unique decryption key.Ptitsyn controlled multiple cryptocurrency wallets that received thousands of decryption key fees from affiliates who used Phobos to extort victims. He received 25% of the decryption key payment and sometimes received a portion of ransomware payments. “Ptitsyn and others were responsible for dozens of ransomware attacks against U.S. victims, including health care companies, hospitals, educational institutions, and providers of essential services,” federal prosecutors said in a stipulation of facts in his plea agreement. Phobos ransomware victims paid a collective amount of $30 million in ransoms, based on the value at the time of payment, according to court records. Victims also suffered losses of at least $9.3 million from Phobos ransomware attacks, including a U.S. educational institution that reported losses exceeding $4 million. “Ptitsyn and other members of the Phobos ransomware conspiracy launched ransomware attacks against more than 1,000 victims around the world, including at least 890 victims located in the United States,” prosecutors said.Officials provided details about 15 unnamed U.S. victims that paid a combined $536,000 in ransoms at the time of payment. Victims included a Maryland-based company that provided accounting and consulting services to federal agencies, an Illinois-based contractor for the Departments of Defense and Energy, and a children’s hospital in North Carolina.You can read the facts entered into court records as part of Ptitsyn’s plea agreement below.Evgenii-Ptitsyn-plea-agreement-factsDownloadThe post Phobos ransomware leader pleads guilty, faces up to 20 years in prison appeared first on CyberScoop.