SOCRadar® Cyber Intelligence Inc. | International Operation Targets 8Base and Phobos Ransomware Gangs

Feb 11, 2025

International Operation Targets 8Base and Phobos Ransomware Gangs

In a coordinated global effort, law enforcement agencies have successfully dismantled the dark web infrastructure of the 8Base ransomware gang and arrested four individuals linked to the Phobos ransomware.

8Base Ransomware Sites Seized

Authorities, including the U.K. National Crime Agency (NCA), the U.S. Federal Bureau of Investigation (FBI), Europol, and other agencies, seized 8Base’s data leak and negotiation sites. A seizure notice now replaces the websites, stating:

“This hidden site and the criminal content have been seized by the Bavarian State Criminal Police Office on behalf of the Office of the Public Prosecutor General in Bamberg.”

Seizure announcement

8Base has been a significant player in ransomware attacks, employing double extortion tactics since 2023. Their infrastructure facilitated negotiations and data leaks from compromised victims.

Operation Phobos Aetor: Arrests in Thailand

The law enforcement operation, codenamed “Phobos Aetor,” resulted in the arrest of two men and two women in Phuket, Thailand. All suspects are European nationals accused of conducting ransomware attacks on at least 17 Swiss companies between April 2023 and October 2024.

Arrest scene (The Nation)

Authorities confiscated over 40 digital assets, including laptops, smartphones, and cryptocurrency wallets, which are now undergoing forensic examination. The total financial impact of their ransomware campaigns is estimated at $16 million, affecting over 1,000 victims worldwide.

Connections Between 8Base and Phobos Ransomware

Investigations reveal that 8Base incorporated Phobos ransomware artifacts into their operations. Some encrypted files featured the “.8base” extension, indicating a technical link between the two groups. Similarities have also been noted between 8Base and the RansomHouse extortion group, particularly in their ransom notes and dark web infrastructure.

Global Crackdown on Ransomware

This operation follows a series of law enforcement actions against major ransomware groups, including Hive, LockBit, and BlackCat. Notably, in late 2024, authorities extradited Evgenii Ptitsyn, a 42-year-old Russian national suspected of being a key administrator of the Phobos ransomware, to the U.S. for prosecution.

Operation Phobos Aetor is the latest in a series of global crackdowns on cybercriminal networks. Recently, Operation Talent, led by the FBI, targeted major illicit online forums, Cracked.io and Nulled.to, known for trading stolen data, malware, and hacking tools. These platforms facilitated cybercrime by providing cybercriminals with compromised credentials and attack resources.

SOCRadar tracks ransomware groups, including 8Base and Phobos, through its advanced threat intelligence solutions. By leveraging Dark Web Monitoring and real-time intelligence feeds, SOCRadar helps organizations stay ahead of emerging threats. Security teams can use SOCRadar’s platform to identify potential ransomware indicators, analyze attack trends, and enhance their cyber defenses against such groups.

The success of Operation Phobos Aetor underscores the growing effectiveness of international cybercrime collaboration. By dismantling key ransomware infrastructures and arresting critical members, law enforcement agencies continue to weaken the operational capabilities of these cybercriminals, ultimately protecting organizations worldwide. Organizations can further strengthen their security posture by leveraging threat intelligence platforms like SOCRadar to detect and mitigate ransomware threats proactively.