International law enforcement agencies have seized the dark web infrastructure of the notorious 8Base ransomware group and arrested four suspected members, including two men and two women.
The operation, led by the Bavarian State Criminal Police Office and the Office of the Public Prosecutor General in Bamberg, targeted the group’s TOR-based leak site used to publish stolen data and pressure victims into paying ransoms.
According to a Thai media report, the arrests, carried out in Phuket, Thailand, targeted individuals believed to be part of the Phobos ransomware gang, the malware family linked to 8Base’s operations. The suspects are accused of carrying cyberattacks against over 1,000 victims worldwide, marking a big win in the ongoing fight against ransomware.
The 8Base ransomware group began its activities in 2022, initially operating on a smaller scale, suggesting it was in a developmental phase. By early 2023, the group emerged in its current form, rapidly evolving its tactics. In May 2023, 8Base adopted a multi-extortion model, encrypting data and threatening to leak it unless a ransom was paid. They also launched a TOR-based victim blog to publish stolen data.
By mid-2023, the group saw a sharp increase in activity, targeting organizations across various sectors. Analysts believe 8Base is using a modified version of Phobos ransomware, which has been linked to numerous attacks. The group’s impact has been global, with a significant number of victims in the United States and Brazil.
The latest infrastructure seizure and arrests come just two months after a Russian national was extradited to the United States to face charges related to the Phobos ransomware operation. This takedown also highlights law enforcement agencies’ commitment to fighting cybercrime, following the recent arrest of the admin behind the infamous cybercrime and hacker forums, Cracked and Nulled, just two weeks ago.
This article will be updated with more information once official confirmation from authorities is available. For now, it is confirmed that the agencies involved in this operation include the DoD Cyber Crime Center, FBI, Europol, Japan’s National Police Agency, the UK’s National Crime Agency (NCA), Germany’s Bavarian State Criminal Police Office, the Federal Office of Police, and Thailand’s Cyber Crime Investigation Bureau.
