HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

DOJ charges Russian nationals in ransomware scheme

Written by Gugu Ntsele | Feb 28, 2025 8:40:45 PM

The U.S. Department of Justice has recently brought charges against Roman Berezhnoy and Egor Nikolaevich Glebov, Russian nationals accused of leading a ransomware group known as "8Base" and "Affiliate 2803," affiliated with the Phobos ransomware operation.

 

What happened

On February 10, 2025, the DOJ announced charges against Roman Berezhnoy, 33, and Egor Nikolaevich Glebov, 39, for allegedly leading a cybercrime group operating under the names "8Base" and "Affiliate 2803." This group is affiliated with the Phobos ransomware operation, which is accused of conducting cyberattacks from May 2019 through at least October 2024. Their victims include a children's hospital, other healthcare providers, and educational institutions. 

 

The backstory

The Phobos ransomware group has been notorious for targeting various sectors, including healthcare and education, causing disruptions and financial losses. The recent charges against Berezhnoy and Glebov are part of a broader effort by U.S. authorities to dismantle ransomware operations and hold cybercriminals accountable.

 

What was said

John Riggi, AHA national advisor for cybersecurity and risk, commented on the charges: "The charges against the Russian leaders of the Phobos ransomware gang and the sanctions against Zservers should be applauded. These notorious ransomware groups have been directly implicated in highly disruptive ransomware attacks against hospitals, resulting in a risk to patient and community safety." 

 

By the numbers

  • Over 1,000 public and private entities worldwide have been victimized by the Phobos ransomware group.
  • The group has received over $16 million in ransom payments. 

 

Why it matters

The charges against Berezhnoy and Glebov show the threat posed by the Phobos ransomware group, which has targeted critical sectors within the United States, like education and healthcare. Their arrest and the subsequent international crackdown display the global commitment to combating cybercrime and protecting essential services from malicious cyber activities.

 

The bottom line

The DOJ's actions against the Phobos ransomware affiliates are a sign of its strong commitment to addressing cybercrime. Organizations must remain vigilant and refine their cybersecurity protocols to protect against such threats.

 

FAQs

 

What is the Phobos ransomware group?

The Phobos ransomware group is a cybercriminal organization known for carrying out malicious cyberattacks, primarily targeting healthcare, education, and other critical sectors.

 

What role did Zservers play in the Phobos attacks?

Zservers, a Russia-based bulletproof hosting provider, was sanctioned for supporting ransomware attacks, including those carried out by the Phobos group.

 

What are the legal consequences for ransomware operators like Phobos affiliates?

Ransomware operators face legal consequences such as criminal charges, asset freezes, and international sanctions aimed at dismantling their operations.