A co-ordinated law enforcement operation has taken down the dark web data leak & negotiation sites associated with the 8Base ransomware gang.
Visitors to the data leak site are now greeted with a seizure banner that states: “This hidden site & the criminal content have been seized by the Bavarian State Criminal Police Office on behalf of the Office of the Public Prosecutor General in Bamberg.”
NCA & FBI & Europol
The operation involved the UK National Crime Agency (NCA), the US Federal Bureau of Investigation (FBI), Europol, as well as agencies from Bavaria, Belgium, Czechia, France, Germany, Japan, Romania, Spain, Switzerland, & Thailand.
Media reports have revealed that 4 European nationals – 2 men & 2 women – were arrested across 4 different locations on Monday as part of an effort codenamed Operation Phobos Aetor. The identities of the suspects were not disclosed.
Authorities have seized over 40 pieces of evidence, including mobile phones, laptops, & digital wallets.
Phobos
The suspects are alleged to be linked to the deployment of Phobos ransomware against 17 companies located in Switzerland between April 2023 & Oct. 2024. Furthermore, the group has been accused of earning $16m through attacks that claimed over 1,000 victims across the world.
8Base, which emerged as a major double extortion player in 2023, has previously been found incorporating Phobos ransomware artifacts into its financially motivated cyber-attacks, with research from VMware uncovering a Phobos sample using a “.8base” file extension on encrypted files.
Overlaps
Overlaps have also been found between 8Base & RansomHouse, particularly when it comes to their ransom notes & dark web infrastructure.
The latest development follows a series of high-profile disruptions associated with Hive, LockBit, & BlackCat in recent years. Late last year, Evgenii Ptitsyn, a 42-year-old Russian believed to be the administrator of the Phobos ransomware, was extradited to the USA.