- 8base ransomware group site has been seized by law enforcement
- Four have been arrested as part of the takedown
- The US and Switzerland may push for extradition
A joint operation from law enforcement groups across the US, Europe, and Asia, has seized the infamous 8base ransomware group’s dark web leak site as part of a takedown operation which saw four suspects arrested.
The site has now been shuttered, and site visitors are met with a message notifying users that the ‘criminal content’ and the site have been ‘seized by the Bavarian State Criminal Police Office’.
The four European suspects were arrested in Phuket, Thailand, with the charges against them include conspiracy to commit wire fraud, and conspiracy to commit an offense against the United States. US and Swiss authorities have reportedly requested extradition of the suspects.
Operation Phobos Aetor
The arrests were part of ‘Operation Phobos Aetor’ – and the 8base have previously been observed using a ‘bespoke version of the Phobos ransomware’ in an attack in which United Nations data was ripped from IT systems.
Since the group’s debut in early 2022, 8base has reportedly engaged with high-profile targets, such as the Nidec Corporation, which had over 50,000 files stolen, a ‘huge amount’ of them being confidential, in a cyberattack late in 2024.
“The PHOBOS and 8BASE ransomware strains had a significant impact on the UK, with law enforcement providing support to over 200 victims” Paul Foster, head of The UK’s National Cyber Crime Unit told TechRadar Pro.
“As a result of intelligence obtained during the investigation, the NCA and our policing partners were able to prevent a number of businesses who were targeted by these ransomware strains from succumbing to encryption and becoming victims, therefore mitigating the devastating impact an attack would have had on their companies.”
Ransomware attacks have soared to new highs recently, and present a huge threat to businesses – costing organizations an average of over $45,000, but often reaching the millions for large firms.
This is despite research revealing that only around 30% of ransomware attacks actually result in payment – but even still a reported $813.55 million was paid by ransomware victims in 2024, down from $1.25 billion in 2023.
Like all types of cybercrime, the landscape is evolving fast, but so is law enforcement. Groups like Lockbit have suffered major disruptions in recent years and have struggled to bounce back, so the cat and mouse game between criminals and cybersecurity agencies continues.
You might also like
- Take a look at our pick of the best endpoint protection software
- Less than half of ransomware incidents end in payment – but you should still be on your guard
- Check out our pick for best antivirus software