Month: November 2024

Source: United States Department of Justice Criminal Division

A two-count indictment was unsealed today charging a U.S. Postal Service Postmaster with a federal civil rights violation for sexually assaulting a victim while acting under color of law and assaulting the victim, a federal employee, during the course of her official duties.

According to the indictment, on Nov. 26, 2022, in Teaneck, New Jersey, Gabriel Ekram Pagabe Ali, 47, sexually assaulted the victim, an employee of the U.S. Postal Service while on duty as a Postmaster at the U.S. Post Office in Teaneck.

Count One of the indictment charges Ali with depriving the victim of her right to bodily integrity when he sexually assaulted the victim. Count Two of the indictment charges Ali with forcibly assaulting the victim while she was engaged in official duties.

If convicted, Ali faces a maximum penalty of three years in prison for the civil rights count and eight years in prison for the assault count. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.

Assistant Attorney General Kristen Clarke of the Justice Department’s Civil Rights Division, U.S. Attorney Philip R. Sellinger for the District of New Jersey and Special Agent in Charge Matthew Modafferi of the U.S. Postal Service Office of Inspector General made the announcement.

The U.S. Postal Service Office of Inspector General is investigating the case.

Trial Attorneys Laura Gilson and Chloe Neely of the Civil Rights Division’s Criminal Section and Assistant U.S. Attorneys Joseph Gribko and Javon Henry for the District of New Jersey are prosecuting the case.

An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

Source: United States Department of Justice Criminal Division

The Justice Department unsealed criminal charges today against Evgenii Ptitsyn, 42, a Russian national, for allegedly administering the sale, distribution, and operation of Phobos ransomware. Ptitsyn made his initial appearance in the U.S. District Court for the District of Maryland on Nov. 4 after being extradited from South Korea. Phobos ransomware, through its affiliates, victimized more than 1,000 public and private entities in the United States and around the world, and extorted ransom payments worth more than $16 million dollars.

“The Justice Department is committed to leveraging the full range of our international partnerships to combat the threats posed by ransomware like Phobos,” said Deputy Attorney General Lisa Monaco. “Evgenii Ptitsyn allegedly extorted millions of dollars of ransom payments from thousands of victims and now faces justice in the United States thanks to the hard work and ingenuity of law enforcement agencies around the world — from the Republic of Korea to Japan to Europe and finally to Baltimore, Maryland. Together with our partners across the globe, we will continue to hold cybercriminals accountable and protect innocent victims.”

“The indictment alleges that Ptitsyn and his co-conspirators ran the Phobos ransomware group, whose members committed ransomware attacks against more than 1,000 public and private victims throughout the United States and the rest of the world,” said Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department’s Criminal Division. “Ptitsyn and his co-conspirators hacked not only large corporations but also schools, hospitals, nonprofits, and a federally recognized tribe, and they extorted more than $16 million in ransom payments. Ptitsyn’s indictment, arrest, and extradition reflect the Criminal Division’s commitment to leading the fight against the international scourge of ransomware. We are especially grateful to our domestic and foreign law enforcement partners, like South Korea, whose collaboration is essential to disrupting and deterring the most significant cybercriminal threats facing the United States.”

“It’s only a matter of time, cybercriminals will be caught and brought to justice,” said U.S. Attorney Erek L. Barron for the District of Maryland. “According to the indictment, Ptitsyn facilitated the worldwide use of a dangerous ransomware strain to target corporations and various organizations, including government agencies, healthcare facilities, educational institutions, and critical infrastructure. The U.S. Attorney’s Office for the District of Maryland is committed to bringing cybercriminals to justice and working with the private sector and the academic community to prevent and disrupt their activities.”

“The FBI is working tirelessly to ensure that ransomware actors, both developers and affiliates, face the consequences of their actions,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. “We know it takes strong partnerships to disrupt cybercriminal networks, and the FBI must thank our partners for the important roles they play in carrying out this mission. The extradition announced today would not have been possible without their assistance.”

As alleged in the indictment, beginning in at least November 2020, Ptitsyn and others conspired to engage in an international computer hacking and extortion scheme that victimized public and private entities through the deployment of Phobos ransomware.

As part of the scheme, Ptitsyn and his co-conspirators allegedly developed and offered access to Phobos ransomware to other criminals or “affiliates” for the purposes of encrypting victims’ data and extorting ransom payments from victims. The administrators operated a darknet website to coordinate the sale and distribution of Phobos ransomware to co-conspirators and used online monikers to advertise their services on criminal forums and messaging platforms. At relevant times, Ptitsyn allegedly used the monikers “derxan” and “zimmermanx.”

Affiliates would then allegedly hack into the victims’ computer networks, often using stolen or otherwise unauthorized credentials; copy and steal files and programs on the victims’ networks; and encrypt the original versions of the stolen data on the networks by installing and executing Phobos ransomware. Affiliates then extorted the victims for ransom payments in exchange for the decryption keys to regain access to encrypted data by leaving ransom notes on compromised victims’ computers and by calling and emailing victims to initiate the ransom payment negotiations. Affiliates also threatened to expose victims’ stolen files to the public or to the victims’ clients, customers, or constituents if the ransoms were not paid.

After a successful Phobos ransomware attack, criminal affiliates paid fees to Phobos administrators like Ptitsyn for a decryption key to regain access to the encrypted files. Each deployment of Phobos ransomware was assigned a unique alphanumeric string in order to match it to the corresponding decryption key, and each affiliate was directed to pay the decryption key fee to a cryptocurrency wallet unique to that affiliate. From December 2021 to April 2024, the decryption key fees were then transferred from the unique affiliate cryptocurrency wallet to a wallet controlled by Ptitsyn.

Ptitsyn is charged in a 13-count indictment with wire fraud conspiracy, wire fraud, conspiracy to commit computer fraud and abuse, four counts of causing intentional damage to protected computers, and four counts of extortion in relation to hacking. If convicted, Ptitsyn faces a maximum penalty of 20 years in prison for each wire fraud count; 10 years in prison for each computer hacking count; and five years in prison for conspiracy to commit computer fraud and abuse. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.

The FBI Baltimore Field Office is investigating the case. The Justice Department’s Office of International Affairs worked with the International Criminal Affairs Division of the Korean Ministry of Justice to secure the arrest and extradition of Ptitsyn. The Justice Department extends its thanks to international judicial and law enforcement partners in South Korea, the United Kingdom, Japan, Spain, Belgium, Poland, Czech Republic, France, and Romania, as well as Europol and the U.S. Department of Defense Cyber Crime Center, for their cooperation and coordination with the Phobos ransomware investigation. The Justice Department’s National Security Division also provided valuable assistance.

Senior Counsel Aarash A. Haghighat of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) and Assistant U.S. Attorneys Aaron S.J. Zelinsky and Thomas M. Sullivan for the District of Maryland are prosecuting the case. CCIPS Trial Attorney Riane Harper and former Assistant U.S. Attorney Jeffrey J. Izant for the District of Maryland provided substantial assistance.

Additional details on protecting networks against Phobos ransomware are available at StopRansomware.gov, including Cybersecurity and Infrastructure Security Agency Advisory AA24-060A.

An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

Source: United States Department of Justice Criminal Division

Lisa L. Lambert has been appointed by Attorney General Merrick B. Garland as the U.S. Trustee for the Northern and Eastern Districts of Texas (Region 6) effective today. Lambert replaces Kevin M. Epstein, who filled the Region 6 role in an interim capacity and who continues to serve as the U.S. Trustee for the Southern and Western Districts of Texas (Region 7).

Lambert joined the U.S. Trustee Program (USTP) in 1998 as a trial attorney in the field office in Tyler, Texas. She has since served the USTP in a variety of capacities. After three years in three of the USTP’s New York offices, Lambert returned to Texas in 2009 as a trial attorney in the Dallas field office, and she has served as the Assistant U.S. Trustee in charge of that office since 2012. In addition to her extensive service to the USTP, Lambert has held several leadership positions in the Federal Bar Association’s bankruptcy section, and she coached oral advocacy and briefing skills to Texas Tech University law students competing in the Duberstein Bankruptcy Moot Court Competition for more than a decade.

Lambert received a bachelor’s degree in English from the University of North Carolina at Chapel Hill and a law degree from Texas Tech University School of Law. After law school, she clerked for Chief Bankruptcy Judge Houston Abel for the Eastern District of Texas and worked at a boutique law firm focused on bankruptcy.

The Executive Office for U.S. Trustees made the announcement.

The USTP’s mission is to promote the integrity and efficiency of the bankruptcy system for the benefit of all stakeholders – debtors, creditors and the public. The USTP consists of 21 regions with 89 field offices nationwide and an Executive Office in Washington, D.C. Learn more about the USTP at www.justice.gov/ust.