Justice Department Indicts Two Russians for Running Ransomware Cybercrime Operation


The Department of Justice has brought charges against two Russian nationals who are accused of running a cybercrime organization that deployed ransomware to target numerous U.S. entities, generating over $16 million in revenue.

According to a DOJ news release, Roman Berezhnoy, 33, and Egor Nikolaevich Glebov, 39, allegedly utilized ransomware software known as Phobos to infiltrate victim computer networks, replicate and steal files and applications, and then encrypt the original data. After encryption, the defendants and their associates purportedly extorted victims for ransom payments in exchange for decryption keys, allowing them to regain access to their data.

Additionally, the pair allegedly threatened to expose stolen files and operated a dark web site to publish this stolen data. Among the victims were a children’s hospital, healthcare providers, and educational institutions, as stated by the Justice Department. These victims incurred significant data losses and financial damages.

Berezhnoy and Glebov were apprehended on Monday, with charges being announced on Tuesday.

Both individuals face charges that include one count of wire fraud conspiracy, one count of wire fraud, one count of conspiracy to commit computer fraud and abuse, three counts of intentionally damaging protected computers, three counts of extortion concerning damage to a protected computer, one count of issuing a threat to compromise the confidentiality of stolen data, and one count of unauthorized access and obtaining information from a protected computer.





If found guilty, each wire fraud-related count could result in a maximum prison sentence of 20 years. Each count related to computer damage carries a potential maximum penalty of 10 years, while the other charges could lead to a maximum sentence of five years each.

The arrests coincide with international law enforcement announcing various measures against cybercriminals. Recently, Russian national Evgenii Ptitsyn was arrested and extradited on charges linked to his alleged management of Phobos ransomware. Moreover, authorities from Europe and Germany announced a coordinated effort with the FBI and other law enforcement agencies, which has disrupted over 100 servers connected to the criminal network in which Berezhnoy and Glebov operated, according to the Department of Justice.

This past Tuesday, the U.S., Australia, and the United Kingdom imposed sanctions on Zservers, a Russian hosting service provider that facilitates ransomware attacks by a group known as LockBit. This group employs the same data extortion tactics as those attributed to Berezhnoy and Glebov.

“Ransomware actors and other cybercriminals depend on third-party network service providers like Zservers to carry out their attacks on U.S. and international critical infrastructure,” stated Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith in a news release regarding the sanctions. “Today’s trilateral action with Australia and the United Kingdom highlights our joint commitment to dismantling this criminal ecosystem, regardless of its location, to safeguard our national security.”