8base Ransomware Operators Arrested: Global Takedown

International Operation Disrupts Major Ransomware Network
A coordinated global effort by law enforcement agencies has resulted in the apprehension of four Russian citizens. These individuals are suspected of participating in over 1,000 ransomware incidents globally.
Operation “Phobos Aetor” and the Arrests
The operation, designated “Phobos Aetor,” culminated in the arrest of the four alleged hackers in Phuket, Thailand. Bavarian police confirmed the details of the arrests.
Investigations have connected the suspects to the 8base ransomware group. This group is identified as the most significant affiliate operating within the broader Phobos ransomware-as-a-service ecosystem.
Connection to the 8base Data Extortion Gang
Authorities have long established a link between Phobos and the 8base data extortion gang. As part of this operation, the gang’s dark web leak site was also taken offline.
Charges Unsealed by the Justice Department
On Tuesday, the Justice Department revealed charges against two of the suspects: Roman Berezhnoy, aged 33, and Egor Nikolaevich Glebov, aged 39. They are accused of leading the 8base ransomware affiliate organization.
The indictment alleges that this organization targeted both public and private sector entities through the deployment of Phobos ransomware.
Previous Warnings from the FBI
The FBI issued a warning last year detailing the use of Phobos in attacks against critical infrastructure. Targets included local governments, emergency services, and public healthcare organizations throughout the United States.
8base’s Development of a Ransomware Variant
According to Europol, 8base leveraged the Phobos ransomware infrastructure. They utilized it not only for attacks but also to create their own customized version of the ransomware.
Evidence Seized and Servers Taken Down
Law enforcement officials have seized over 40 items of evidence. This includes mobile phones, laptops, and digital wallets.
More than 100 servers associated with the criminal network were also taken offline, as reported by the Justice Department. Europol stated that over 400 companies were alerted to potential, ongoing, or imminent ransomware attacks.
Previous Disruptions of the Phobos Operation
Last year, the U.S. government successfully secured the extradition of a Russian hacker. This individual was allegedly a key administrator within the Phobos ransomware operation.
Furthermore, another Phobos affiliate was apprehended in Italy in 2023 on a French arrest warrant.
