Charges Filed Against Russian Nationals for Ransomware Operations
In a significant crackdown on cybercrime, the U.S. Department of Justice (DOJ) has announced the arrest of two Russian nationals, Roman Berezhnoy, 33, and Egor Nikolaevich Glebov, 39. They stand accused of orchestrating a ransomware group that targeted hundreds of entities across the United States, accumulating over $16 million in illicit gains.
Allegations of Ransomware Attacks
The DOJ reports that Berezhnoy and Glebov utilized a ransomware variant known as Phobos to infiltrate victim networks. Their modus operandi involved accessing and copying sensitive files, encrypting the original data, and then demanding ransom payments in exchange for restoring victims' access to their own information.
In addition to ransom demands, the duo reportedly threatened to disclose stolen files and were believed to maintain a dark web site for publishing this data. The entities affected by their scheme included critical services, such as a children’s hospital, healthcare providers, and educational institutions, all of which faced both monetary losses and significant data compromise.
Criminal Charges
Berezhnoy and Glebov were arrested on Monday, with charges made public the following day. Each faces an extensive array of serious allegations, including:
- One count of conspiracy to commit wire fraud
- One count of wire fraud
- One count of conspiracy to commit computer fraud and abuse
- Three counts of causing intentional damage to protected computers
- Three counts of extortion related to damage to protected computers
- One count of transmitting a threat concerning the confidentiality of stolen data
- One count of unauthorized access and obtaining information from a protected computer
If found guilty, the two face severe penalties: each wire fraud charge carries a potential 20-year prison sentence, while counts related to computer damage may result in up to 10 years. Other charges could lead to penalties of five years each.
International Collaboration and Crackdown on Cybercrime
This arrest comes on the heels of broader international efforts to dismantle cybercriminal networks. Notably, another Russian national, Evgenii Ptitsyn, was apprehended and extradited recently on similar charges connected to his involvement with the Phobos ransomware group. In a coordinated effort involving U.S. authorities and European counterparts, over 100 servers linked to criminal activities associated with Berezhnoy and Glebov have been disrupted, according to the DOJ.
Further Actions Against Ransomware Providers
In a related development, the U.S., in collaboration with Australia and the United Kingdom, targeted Zservers, a Russian hosting provider alleged to facilitate ransomware attacks conducted by the LockBit group. This collective initiative underscores a commitment to disrupting the infrastructure that enables these cybercriminal activities. According to Bradley T. Smith, Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence, “Ransomware actors and other cybercriminals rely on third-party network service providers like Zservers to enable their attacks on U.S. and international critical infrastructure.” He further emphasized the importance of global cooperation in combating such threats.