Global Law Enforcement Operation Dismantles Notorious 8Base Ransomware Gang's Dark Web Sites

February 11, 2025
Global Law Enforcement Operation Dismantles Notorious 8Base Ransomware Gang's Dark Web Sites
  • The seizure notice was first observed by security researchers on February 5, 2025, indicating the operation's recent execution.

  • Lucy Sneddon from the U.K.'s National Crime Agency confirmed the operation's authenticity, highlighting the collaborative efforts of various law enforcement agencies.

  • As part of Operation Phobos Aetor, Thai media reported the arrest of four European nationals linked to the group, which has been responsible for over 1,000 cyber attacks.

  • A coordinated law enforcement operation has successfully dismantled the dark web sites associated with the 8Base ransomware gang, involving international agencies from Europe, Japan, the U.S., and the U.K.

  • The Bavarian State Criminal Police Office led the seizure operation, which resulted in more than 40 pieces of evidence being collected, including digital devices and wallets.

  • Visitors to the now-seized data leak site are greeted with a notice from the Bavarian State Criminal Police Office, marking the end of its operations.

  • The suspects are linked to deploying Phobos ransomware against 17 companies in Switzerland, generating approximately $16 million in profits between April 2023 and October 2024.

  • In 2023, the U.S. government had issued warnings about the gang's indiscriminate targeting of various sectors, particularly in the healthcare industry.

  • 8Base emerged as a significant player in the ransomware landscape in 2023, utilizing Phobos ransomware artifacts in their attacks.

  • The group has been known to employ various ransomware strains, including Phobos, which has connections to a significant Russian hacker extradited to the U.S.

  • First identified in 2022, the financially motivated 8Base gang is notorious for its double-extortion tactics, encrypting data and threatening exposure unless a ransom is paid.

  • Before the takedown, 8Base portrayed itself as 'honest and simple pentesters,' claiming to target only organizations neglecting data privacy.

Summary based on 2 sources


Get a daily email with more Tech stories

More Stories