A major law enforcement operation has successfully taken down the dark web data leak and negotiation sites associated with the 8Base ransomware group. The operation, which involved multiple international agencies, including the U.K. National Crime Agency (NCA), the U.S. Federal Bureau of Investigation (FBI), Europol, and others from countries such as France, Germany, Spain, and Thailand, led to the seizure of criminal content hosted on these sites. Visitors to the data leak site are now greeted with a seizure notice from the Bavarian State Criminal Police Office, highlighting the scale of the operation.
As part of the operation, authorities arrested four European nationals, two men and two women, across various locations. The suspects are believed to be involved in deploying Phobos ransomware, which has been linked to a series of high-profile attacks targeting companies in Switzerland between April 2023 and October 2024. Reports indicate that these attacks affected 17 companies, leading to a financial loss of $16 million, with over 1,000 global victims. The operation, dubbed “Operation Phobos Aetor,” resulted in the seizure of over 40 pieces of evidence, such as laptops, mobile phones, and digital wallets.
The 8Base ransomware gang, which emerged in 2023, has become known for using double extortion tactics, in which it encrypts data and threatens to release it unless a ransom is paid. In addition to its Phobos ransomware activities, 8Base has been found to incorporate Phobos ransomware artifacts in its attacks, using file extensions like “.8base” for encrypted files. This connection between 8Base and Phobos highlights the gang’s evolving tactics and collaboration with other cybercrime groups.
The takedown of 8Base’s dark web infrastructure comes amid significant disruptions in the ransomware landscape, including the dismantling of other notorious groups like Hive, LockBit, and BlackCat. The arrest of Evgenii Ptitsyn, the suspected administrator of the Phobos ransomware, and his extradition to the U.S. late last year further complicates the operational landscape for cybercriminals. This latest operation represents a significant win for international law enforcement in the ongoing battle against ransomware gangs.