In a significant cybersecurity breakthrough, law enforcement agencies have successfully dismantled the Phobos ransomware operation, leading to four arrests in Phuket, Thailand. The suspects, two men and two women of European origin, are accused of orchestrating cyberattacks against more than 1,000 victims globally, accumulating approximately $16 million in Bitcoin through extortion.

Operation “Phobos Aetor,” a coordinated international effort, resulted in raids across four locations, yielding crucial evidence including laptops, smartphones, and cryptocurrency wallets. The suspects, wanted by Swiss authorities for attacking 17 Swiss companies between April 2023 and October 2024, now face extradition requests.

The operation also led to the seizure of 8Base ransomware’s dark web infrastructure. The group, operational since March 2022, had targeted high-profile organizations including Nidec Corporation and the United Nations Development Programme (UNDP). Their dark web sites now display seizure notices from the Bavarian State Criminal Police Office.

The cybercriminal group’s methodology involved network breaches, data theft, and file encryption, followed by cryptocurrency ransom demands. They employed cryptocurrency mixing platforms to obscure their financial trails.

This successful operation involved collaboration between multiple nations including Thailand, Romania, Germany, Switzerland, Japan, USA, and various European countries, marking a significant victory in the global fight against cybercrime.