
A global law enforcement operation coordinated by Europol disrupted the 8Base ransomware group’s infrastructure and led to the arrest of its lead operators.
Since Monday, the ransomware group’s Tor-based leak site has displayed a seizure banner notifying viewers that law enforcement authorities have taken it down.
“This hidden site and the criminal content have been seized by the Bavarian State Criminal Police Office on behalf of the Office of the Public Prosecutor General in Bamberg,” reads the banner.
In a recent press release, Europol announced that a coordinated international law enforcement operation has led to the arrest of four individuals leading the 8Base ransomware group. Law enforcement agencies also took down as many as 27 servers linked to the ransomware group’s network.
The arrested individuals, who are of Russian nationality, are suspected of deploying a variant of Phobos ransomware to extort high-value payments from victims across Europe and in other regions.
“First detected in December 2018, Phobos ransomware has been a long-standing cybercrime tool, frequently used in large-scale attacks against businesses and organisations worldwide. Unlike high-profile ransomware groups that target major corporations, Phobos relies on high-volume attacks against small to medium-sized businesses, which often lack the cybersecurity defences to protect themselves,” Europol said.
Europol added that the investigation into Phobos started in February 2019, with assistance from law enforcement authorities in Belgium, the Czech Republic, France, Germany, Japan, Poland, Romania, Thailand and other countries across the globe.
The investigation resulted in the arrest of a Phobos administrator in South Korea in June 2024, who was extradited to the United States in November. Another key Phobos affiliate was arrested in Italy in 2023 on a French arrest warrant, which further weakened the network behind this ransomware strain.
The individual arrested in South Korea is now facing prosecution for “orchestrating ransomware attacks that encrypted critical infrastructure, business systems, and personal data for ransom.”
“As a result of this operation, law enforcement was also able to warn more than 400 companies worldwide of ongoing or imminent ransomware attacks,” reads the press release.