EN
  • Cyber stability
  • Secops
  • Risks management
  • Digital transformation
  • Digital Sovereignty
  • Cybercrime
  • Industry and OT
  • Fraud
  • Digital identity
  • Cyber +
    • Ransomware: Russian Phobos Affiliate Appears Before a French Court
    • Home
    • Cybercrime
    • Ransomware: Russian Phobos Affiliate Appears Before a French Court

    Ransomware: Russian Phobos Affiliate Appears Before a French Court

    Written by
    The Editorial Team
    02.17.26
    Cybercrime
    01
    MIN
    Ransomware: Russian Phobos Affiliate Appears Before a French Court
    Ransomware: Russian Phobos Affiliate Appears Before a French Court
    Ransomware: Russian Phobos Affiliate Appears Before a French Court
    Image GitHub confirms it was hacked by TeamPCP
    Cybercrime
    05.21.26 Cybercrime
    Next article
    GitHub confirms it was hacked by TeamPCP
    Read
    01
    MIN
    Image A 0-day attack against Huawei routers may have caused Luxembourg’s telecom outage in 2025
    Cybercrime
    05.21.26 Cybercrime
    Next article
    A 0-day attack against Huawei routers may have caused Luxembourg’s telecom outage in 2025
    Read
    01
    MIN
    Image Massive data breach hits Asian football two months before the World Cup
    Cybercrime
    04.29.26 Cybercrime
    Next article
    Massive data breach hits Asian football two months before the World Cup
    Read
    01
    MIN
    Image Germany investigates Signal hack targeting its political class
    Cybercrime
    04.27.26 Cybercrime
    Next article
    Germany investigates Signal hack targeting its political class
    Read
    01
    MIN
    He is accused of attacks against French organizations that allegedly caused €900,000 in damages.

    A Russian affiliate of the Phobos ransomware gang appeared on 11 February 2026 before the 13th Criminal Chamber of the Paris Judicial Court, alongside his partner. Law enforcement authorities arrested them in Milan in August 2023. He is accused of having targeted 65 organizations in France, resulting in total damages estimated at €900,000. His partner allegedly assisted him in laundering the proceeds of his criminal activities.

    Documents found on a USB drive belonging to the suspect listed around ten attacks carried out since 2016 using the CrypotMix and later Phobos ransomware strains. The drive also contained access credentials to Phobos’s affiliate service, the gang’s malware tools, and user instructions. The latter notably prohibited attacks against Russian organizations or entities located in the former Soviet sphere.

    Exchanges with an individual known as “Syndicate,” believed to be the main operator behind Phobos, suggest that he retained 30% of the ransom payments. Conversations with a money launderer indicate that the suspect handled over a ten-year period 284 bitcoins (€11 million), 63 million rubles (€690,000), and $185,000 (€156,000). However, only one French victim ultimately paid a ransom.

    The court is expected to deliver its verdict on 19 February 2026.

    The Editorial Team
    02.17.26
    Articles by the same author:
    1
    05.27.26 Cyber stability
    The ECB summons European banks to discuss AI-related risks
    Read
    01
    MIN
    2
    05.25.26 Cybercrime
    France and the Netherlands lead the dismantling of First VPN, a service popular among cybercriminals
    Read
    01
    MIN
    3
    05.25.26 Cybercrime
    Arrest of Canadian man suspected of running the KimWolf botnet
    Read
    01
    MIN
    4
    05.25.26 Digital transformation
    Canada: government ready to amend its law on law enforcement access to data
    Read
    01
    MIN
    Image GitHub confirms it was hacked by TeamPCP
    Cybercrime
    05.21.26 Cybercrime
    Next article
    GitHub confirms it was hacked by TeamPCP
    Read
    01
    MIN
    Image A 0-day attack against Huawei routers may have caused Luxembourg’s telecom outage in 2025
    Cybercrime
    05.21.26 Cybercrime
    Next article
    A 0-day attack against Huawei routers may have caused Luxembourg’s telecom outage in 2025
    Read
    01
    MIN
    Image Massive data breach hits Asian football two months before the World Cup
    Cybercrime
    04.29.26 Cybercrime
    Next article
    Massive data breach hits Asian football two months before the World Cup
    Read
    01
    MIN
    Image Germany investigates Signal hack targeting its political class
    Cybercrime
    04.27.26 Cybercrime
    Next article
    Germany investigates Signal hack targeting its political class
    Read
    01
    MIN
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.