Global Operation Shuts Down 8Base Ransomware Network
Gang extorted more than $16 million worldwide
Another ransomware group has been felled by an international operation
A team of international law enforcement agencies has seized the 8Base ransomware group website.
The group’s dark web data leak and negotiation sites are now offline, with visitors greeted by a seizure notice from the Bavarian State Criminal Police Office.
The seizure message was first spotted on Monday by users on the open-source social networking service Mastodon.
The operation, codenamed "Phobos Aetor," involved coordinated efforts from Europol, the FBI, the UK’s National Crime Agency (NCA), and authorities from 14 countries, including Thailand, Germany, and Japan.
Besides the domain takeover, four European nationals, two men and two women, were arrested by the Thai Police in Phuket, a small island in Southern Thailand.
In a press release on Tuesday, Europol confirmed that the arrests also led to the seizure of 27 servers and other items that aided their operations.
Authorities believe the suspects targeted organizations in Switzerland, the United States, and other countries between April 2023 and October 2024.
The 8Base ransomware gang has been active since 2022 but ramped up its activities in mid-2023. The group is suspected of deploying Phobos ransomware to extort over $16 million from more than 1,000 victims worldwide.
Known for their sophisticated techniques, the group allegedly encrypted victims’ files using Phobos ransomware and demanded hefty ransoms for decryption keys while threatening to leak stolen data. Their targets include small-to-medium-sized businesses across sectors like healthcare and technology.
The Phobos ransomware strain, which emerged in December 2018, remains an active threat in the cybercrime landscape. It operates on a ransomware-as-a-service (RaaS) model, which has contributed to its widespread use.
This operation is part of a broader effort to curb ransomware attacks globally. Earlier this month, international law enforcement agencies led another high-profile operation that shut down two of the world’s largest cybercrime forums — Cracked and Nulled.