DOJ announces charges for affiliates of Phobos ransomware group

Feb 18, 2025 - 03:31 PM
What Boards Need to Know About Cybersecurity

The Department of Justice Feb. 10 announced charges for Roman Berezhnoy and Egor Nikolaevich Glebov, Russian nationals alleged to be leaders of a ransomware group operating under the names “8Base” and “Affiliate 2803,” among others. The group is an affiliate of the Phobos ransomware group and carried out cyberattacks from May 2019 through at least October 2024, according to the DOJ. Their victims include a children's hospital and other health care providers, along with educational institutions.   

The DOJ announcement preceded one by the Department of the Treasury’s Office of Foreign Assets Control Feb. 11 on the U.S., U.K. and Australia sanctioning Zservers, a Russia-based bulletproof hosting services provider, for its role in supporting LockBit ransomware attacks.    

“The charges against the Russian leaders of the Phobos ransomware gang and the sanctions against Zservers should be applauded,” said John Riggi, AHA national advisor for cybersecurity and risk. “These notorious ransomware groups have been directly implicated in highly disruptive ransomware attacks against hospitals, resulting in a risk to patient and community safety. Continued disruption operations by the U.S. government combined with cyberthreat intelligence sharing with the health care field will enhance our cyber defensive measures while increasing risk and consequences for the perpetrators.”   

For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.

Related News Articles

Headline
Agencies issue advisory on updated tactics by Play ransomware group
The FBI, Cybersecurity and Infrastructure Security Agency and Australian Cyber Security Centre June 4 released an advisory on updated actions and tactics used…
Headline
Agencies release guidance on AI data security 
The National Security Agency, Cybersecurity and Infrastructure Security Agency and international partners May 22 released guidance on securing data used for…
Headline
Russian state-sponsored cyber actors targeting tech companies, others 
The FBI, along with the National Security Agency and other international cybersecurity agencies, this week released a joint agency advisory on cyber operations…
Headline
FBI warns of cyber actors exploiting end-of-life routers
The FBI's Internet Crime Complaint Center released an alert May 7 warning of cyber actors exploiting vulnerabilities in end-of-life routers. Routers dated 2010…
Headline
FBI warns of malicious text, voice-messaging campaign impersonating senior U.S. officials
The FBI’s Internet Criminal Complaint Center May 15 released an alert warning of a malicious text and voice messaging campaign involving impersonators…
Headline
AHA blog — 3 Must-know Cyber and Risk Realities: What’s Ahead for Health Care in 2025 
In his latest AHA Cyber Intel blog, John Riggi, AHA national advisor for cybersecurity and risk, examines the state of cyber and physical threats in 2025 as…