Article Details

Scrape Timestamp (UTC): 2025-02-11 07:13:01.144

Source: https://thehackernews.com/2025/02/8base-ransomware-data-leak-sites-seized.html

Original Article Text

8Base Ransomware Data Leak Sites Seized in International Law Enforcement Operation

A coordinated law enforcement operation has taken down the dark web data leak and negotiation sites associated with the 8Base ransomware gang. Visitors to the data leak site are now greeted with a seizure banner that says: "This hidden site and the criminal content have been seized by the Bavarian State Criminal Police Office on behalf of the Office of the Public Prosecutor General in Bamberg."

The takedown involved the U.K. National Crime Agency (NCA), the U.S. Federal Bureau of Investigation (FBI), Europol, as well as agencies from Bavaria, Belgium, Czechia, France, Germany, Japan, Romania, Spain, Switzerland, and Thailand.

Thai media reports have revealed that four European nationals – two men and two women – were arrested across four different locations on Monday as part of an effort codenamed Operation Phobos Aetor. The identities of the suspects were not disclosed. Authorities are said to have seized more than 40 pieces of evidence, including mobile phones, laptops, and digital wallets.

The suspects are alleged to be linked to the deployment of Phobos ransomware against 17 companies located in Switzerland between April 2023 and October 2024. Furthermore, the group has been accused of earning $16 million through attacks that claimed over 1,000 victims across the world.

8Base, which emerged as a major double extortion player in 2023, has previously been found incorporating Phobos ransomware artifacts into its financially motivated cyber attacks, with research from VMware uncovering a Phobos sample using a ".8base" file extension on encrypted files. Overlaps have also been identified between 8Base and RansomHouse, particularly when it comes to their ransom notes and dark web infrastructure.

The latest development comes in the aftermath of a series of high-profile disruptions associated with Hive, LockBit, and BlackCat in recent years. Late last year, Evgenii Ptitsyn, a 42-year-old Russian national believed to be the administrator of the Phobos ransomware, was extradited to the U.S.

Daily Brief Summary

CYBERCRIME // International Law Enforcement Seizes 8Base Ransomware Sites, Arrests Suspects

A coordinated operation led by multiple international law enforcement agencies dismantled the 8Base ransomware gang's dark web data leak and negotiation sites.

The operation, dubbed "Operation Phobos Aetor," involved the FBI, NCA, Europol, and other agencies from various countries including Germany, Spain, and Japan.

Authorities posted a seizure banner on the taken-down sites indicating the intervention of the Bavarian State Criminal Police Office and the Office of the Public Prosecutor General in Bamberg.

Four European nationals were arrested in Thailand in connection with the ransomware deployments, which specifically targeted companies in Switzerland.

Law enforcement seized significant evidence such as mobile phones, laptops, and digital wallets during the arrests.

The suspects are believed to have garnered about $16 million through ransomware attacks that affected over 1,000 victims globally.

8Base was identified as employing double extortion techniques, using "Phobos" ransomware elements in its attacks.

The operation is part of a broader global effort to disrupt major ransomware operations, following previous disruptions of Hive, LockBit, and BlackCat networks.