Dismantling of 8base Ransomware Site in a Global Police Operation.
Four people were arrested following a global robbery of 16 million dollars.
A joint operation by law enforcement forces from the United States, Europe, and Asia has resulted in the closure of the leak site of the notorious ransomware group 8base, as well as the arrest of four suspects. The detainees were captured in Phuket, Thailand, and face charges of conspiracy to commit electronic fraud and conspiracy to commit a crime against the United States. Authorities in the U.S. and Switzerland are reportedly seeking the extradition of the accused.
The now inactive website displayed a message informing visitors that the criminal content had been confiscated by the Bavarian State Criminal Police.
This action is part of "Operation Phobos Aetor," which was initiated after it was observed that 8base had used a customized version of the Phobos ransomware in attacks that compromised UN data. Since its emergence in early 2022, the group has targeted high-profile entities, such as Nidec Corporation, from which over 50,000 files, many of them confidential, were stolen in a cyberattack that occurred in late 2024.
Paul Foster, head of the UK's National Cyber Crime Unit, highlighted the significant impact that the PHOBOS and 8BASE variants have had in the country, mentioning that his team has provided support to over 200 victims. Thanks to the intelligence gathered during the investigation, UK agencies and police partners were able to prevent several businesses that were under threat from succumbing to encryption, thereby avoiding a devastating impact on their operations.
Although ransomware attacks have reached record levels and pose a serious threat to businesses, with an average cost exceeding $45,000, only about 30% of these attacks result in a payment. In 2024, ransomware victims reported payments totaling $813.55 million, a decrease compared to the $1.25 billion reported the previous year.
The landscape of cybercrime is constantly evolving, as is the response from law enforcement agencies. Groups like Lockbit have faced significant disruptions in recent years and struggle to recover, highlighting the ongoing battle between criminals and cybersecurity agencies.
