The U.S. Department of Justice announced on February 11, 2025, that Russian nationals Roman Berezhnoy, 33, and Egor Nikolaevich Glebov, 39, have been charged for their alleged roles in operating a cybercrime group responsible for deploying Phobos ransomware. The group is accused of targeting over 1,000 public and private organizations worldwide, including hospitals, healthcare providers, and schools, collecting more than $16 million in ransom payments.
According to court documents, Berezhnoy and Glebov operated under aliases such as “8Base” and “Affiliate 2803,” running a ransomware affiliate operation that deployed Phobos ransomware to extort victims. The two are facing an 11-count indictment, including charges of wire fraud, conspiracy to commit computer fraud, and multiple counts of intentionally damaging protected computers and extorting victims. If convicted, they face up to 20 years in prison for wire fraud-related charges, 10 years for each count of computer damage, and five years for other offenses.
The arrests were part of a coordinated international effort that also involved dismantling the group’s cyber infrastructure. This operation highlights the increasing collaboration between global law enforcement agencies in the fight against cybercrime.
Phobos ransomware is notorious for encrypting victims' data and demanding payment for decryption, causing severe financial and operational disruptions.
This crackdown follows previous actions against the Phobos ransomware group. In June 2024, authorities arrested a key administrator of Phobos in South Korea. He was later extradited to the United States in November to face charges related to ransomware attacks on critical infrastructure, businesses, and personal data.
Source: U.S. DoJ
