In a coordinated multinational operation, law enforcement agencies have taken down the dark web sites used by the 8Base ransomware syndicate for data extortion and victim negotiations.
Visitors attempting to access the seized leak site are now confronted with an official seizure notice stating: “This clandestine platform and its illicit contents have been confiscated by the Bavarian State Criminal Police Office under the directive of the Public Prosecutor General in Bamberg.”
This decisive intervention was executed through a collaborative effort involving the U.K. National Crime Agency (NCA), the U.S. Federal Bureau of Investigation (FBI), Europol, and enforcement bodies from Bavaria, Belgium, Czechia, France, Germany, Japan, Romania, Spain, Switzerland, and Thailand.
Thai media reports have disclosed that four European nationals—two men and two women—were apprehended in a coordinated operation spanning four separate locations on Monday, under the codename Operation Phobos Aetor. The identities of the detained individuals have not been publicly revealed.
Authorities confiscated over 40 pieces of critical evidence, comprising mobile devices, computing hardware, and digital asset storage units.
The arrested individuals are suspected of orchestrating Phobos ransomware attacks against 17 enterprises in Switzerland between April 2023 and October 2024. Furthermore, the syndicate is accused of amassing illicit gains exceeding $16 million, having victimized over 1,000 entities worldwide.
8Base emerged as a dominant force in the realm of double extortion ransomware in 2023, frequently deploying Phobos ransomware variants in their financially driven cyber onslaughts. Research conducted by VMware has previously detected Phobos samples employing the distinctive “.8base” extension for encrypted files.
Analytical overlaps have been observed between 8Base and RansomHouse, particularly regarding the structure of their ransom communications and dark web operational frameworks.
This latest enforcement action follows a succession of high-impact takedowns targeting major ransomware collectives such as Hive, LockBit, and BlackCat in recent years. Notably, Evgenii Ptitsyn, a 42-year-old Russian national alleged to be a key administrator of the Phobos ransomware, was extradited to the U.S. late last year.