Home > Security > Security News

Phobos Ransomware Affiliate Arrested in Poland in Global Crackdown

Published on February 18, 2026
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer
Police - Hacker - Arrest - Handcuffs
Summarize with:
ChatGPT logo ChatGPT Claude.ai logo Claude.ai Google AI logo Google AI Grok logo Grok Perplexity logo Perplexity
Google logo Add as preferred source on Google
Key Takeaways
  • Key Arrest: Polish police have detained a 47-year-old man in the Małopolska region for his alleged involvement with the Phobos ransomware group.
  • International Effort: The arrest is part of Operation Aether, a coordinated international crackdown targeting Phobos developers and affiliates across Europe and beyond.
  • Seized Assets: Authorities found files containing logins, passwords, credit card numbers, as well as encrypted comms linked to Phobos.

A 47-year-old suspect believed to be an affiliate of the notorious Phobos ransomware operation was detained in the Małopolska region as part of a coordinated action by police in Katowice and Kielce, Poland’s Central Bureau for Combating Cybercrime has announced. 

Part of a Larger Cybercrime Operation

The individual, whose identity is yet to be revealed, is suspected of “creating, acquiring, and sharing computer programs used to unlawfully obtain information stored in computer systems.” 

During the raid, officers found encrypted messages linking him to the notorious group and secured files containing logins, passwords, credit card numbers, and server IP addresses.

Polish authorities seizure | Source: Poland’s Office for Combating Cybercrime
Polish authorities seizure | Source: Poland’s Office for Combating Cybercrime

The victims include (specific reported cases):

This detention is part of Operation Aether, a broader European initiative to dismantle the Phobos infrastructure. This international effort has led to the arrest of both the ransomware's back-end developers and the affiliates responsible for conducting attacks, Polish Police said. 

Implications for Cybersecurity Enforcement

The Phobos gang was known for attacking a wide range of entities and accepting smaller ransoms, making them a persistent threat. These coordinated actions disrupt operations and send a clear message that affiliates are not immune from prosecution.

The Polish cybercrime operation follows the extradition of the alleged Phobos administrator, Evgenii Ptitsyn, to the U.S. in 2024 and raids in Thailand that apprehended other key members. 

Phobos and its related strain, 8Base, have collected millions from victims since 2019 by targeting critical infrastructure.

A law enforcement operation led to the arrest of four Russian nationals in early 2025, who were suspected of deploying Phobos ransomware. In 2023, an affiliate in Italy was arrested on a French warrant, and in 2024, a Phobos administrator was apprehended in South Korea and extradited to the U.S.  

Add a Comment
Related
Weekly Cybersecurity News: Increased Focus on Supply Chain And Credentials To Expand Access
Former Employee Pleads Guilty to Insider Hacking and Extortion of US Industrial Company
Hims & Hers Data Breach Exposes Customer Data via Compromise at Third-Party Customer Support Provider
Duales' Duc App Data Left Unprotected Due to Unencrypted Server, Over 360,000 Files Exposed
DPRK Phishing Campaigns Exploit GitHub C2 to Target Users in South Korea
Apple Security Fix Defends Devices From DarkSword iOS Exploit
Most Popular
Weekly Cybersecurity News: Increased Focus on Supply Chain And Credentials To Expand Access
Former Employee Pleads Guilty to Insider Hacking and Extortion of US Industrial Company
Hims & Hers Data Breach Exposes Customer Data via Compromise at Third-Party Customer Support Provider
Duales' Duc App Data Left Unprotected Due to Unencrypted Server, Over 360,000 Files Exposed
DPRK Phishing Campaigns Exploit GitHub C2 to Target Users in South Korea
Apple Security Fix Defends Devices From DarkSword iOS Exploit
Weekly Cybersecurity News: Increased Focus on Supply Chain And Credentials To Expand Access
Former Employee Pleads Guilty to Insider Hacking and Extortion of US Industrial Company
Hims & Hers Data Breach Exposes Customer Data via Compromise at Third-Party Customer Support Provider
Duales' Duc App Data Left Unprotected Due to Unencrypted Server, Over 360,000 Files Exposed
DPRK Phishing Campaigns Exploit GitHub C2 to Target Users in South Korea
Apple Security Fix Defends Devices From DarkSword iOS Exploit

Most Popular
Weekly Cybersecurity News: Increased Focus on Supply Chain And Credentials To Expand Access
Former Employee Pleads Guilty to Insider Hacking and Extortion of US Industrial Company
Hims & Hers Data Breach Exposes Customer Data via Compromise at Third-Party Customer Support Provider
Duales' Duc App Data Left Unprotected Due to Unencrypted Server, Over 360,000 Files Exposed
DPRK Phishing Campaigns Exploit GitHub C2 to Target Users in South Korea
Apple Security Fix Defends Devices From DarkSword iOS Exploit
Weekly Cybersecurity News: Increased Focus on Supply Chain And Credentials To Expand Access
Former Employee Pleads Guilty to Insider Hacking and Extortion of US Industrial Company
Hims & Hers Data Breach Exposes Customer Data via Compromise at Third-Party Customer Support Provider
Duales' Duc App Data Left Unprotected Due to Unencrypted Server, Over 360,000 Files Exposed
DPRK Phishing Campaigns Exploit GitHub C2 to Target Users in South Korea
Apple Security Fix Defends Devices From DarkSword iOS Exploit

TechNadu keeps you informed with the latest in cybersecurity, VPNs, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2026 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: