Polish authorities have arrested a 47-year-old man suspected of ties to the Phobos ransomware group, seizing devices containing credentials and encrypted communications that could have facilitated cyberattacks.
Polish police have arrested and charged a 47-year-old man over ties to the Phobos ransomware group following a property raid. The 47-year-old was cuffed after cops visited his apartment in the Lesser Poland Voivodeship province, and looked through his devices, finding various artifacts that investigators believe are linked to cybercrime.
Officials said Tuesday the man's devices contained logins, passwords, credit card numbers, and server IP addresses that could have been used to launch "various attacks, including ransomware." "After conducting technical investigations, it was discovered that the data contained information that could be used to breach electronic security," police said. "Furthermore, according to information gathered in the case, the 47-year-old used encrypted messaging to contact the Phobos criminal group, known for conducting ransomware attacks."

Image of the devices and contraband seized by CBZC police after raiding suspected Phobos associate's apartment (courtesy of CBZC)
According to an image shared by Poland's Central Office for Combating Cybercrime (CBZC), police seized one laptop, four smartphones, an array of payment cards, and a small amount of cannabis. The man was detained and charged with creating, acquiring, and sharing computer programs used to unlawfully obtain information, including data enabling unauthorized access to information stored in a computer system.
If convicted, he could receive a maximum prison sentence of five years, police said. The arrest stems from Europol's ongoing Operation Aether, which targets the 8Base ransomware group, believed to be linked to Phobos. It comes almost exactly a year since international law enforcement dismantled the 8Base crew, which was first assembled in 2022. Bavarian police seized the group's infrastructure used to host its data leak site, while four arrests were made in Thailand.
Before then, Phobos's alleged administrator, Russian national Evgenii Ptitsyn, aged 42 at the time, was arrested in South Korea in 2024 and extradited to the US that same year. The CBZC said Phobos had recorded more than 1,000 victims during its time on the ransomware scene, including hospitals, schools, nonprofits, and others. Current estimates peg the total revenue generated by the group at $16 million, with an average of $54,000 in ransom payments per attack.
