Europol announced on Tuesday that four Russian nationals, suspected of deploying a variant of Phobos ransomware, have been arrested following a coordinated international law enforcement operation. The group, identified as the 8Base ransomware gang, extorted payments from victims in Europe and across the globe.
Coordinated Effort:
The arrests were the result of a collaboration involving law enforcement agencies from 14 countries. Along with the arrests, authorities seized 27 servers linked to the gang’s criminal operations, effectively dismantling part of the network. This action forms part of a broader series of successful operations targeting Phobos ransomware. Thanks to previous arrests, law enforcement agencies have also been able to warn over 400 companies worldwide about imminent ransomware attacks.
Prior Arrests and Impact:
In June 2024, a Phobos administrator was arrested in South Korea and later extradited to the United States in November, where he faces charges related to ransomware attacks on critical infrastructure and businesses. Another significant arrest occurred in 2023 when a key Phobos affiliate was apprehended in Italy based on a French arrest warrant, further disrupting the gang’s activities.
Phobos ransomware primarily targets small to medium-sized businesses, which are often vulnerable due to weaker cybersecurity defenses.
