Law enforcement agencies worldwide have successfully taken down the dark web infrastructure of the notorious 8Base ransomware gang. The operation, codenamed “Phobos Aetor,” involved collaboration between multiple agencies, including the FBI, NCA, Europol, and authorities from ten other countries.

The group’s data leak and negotiation sites now display a seizure notice from the Bavarian State Criminal Police Office. In a coordinated effort in Thailand, authorities arrested four European nationals and seized crucial evidence, including digital wallets, laptops, and mobile devices.

The criminal organization is accused of targeting 17 Swiss companies between April 2023 and October 2024 using Phobos ransomware. Investigators estimate the group amassed approximately $16 million through attacks affecting over 1,000 victims globally.

Technical analysis revealed connections between 8Base and other ransomware operations, including RansomHouse, with shared characteristics in their ransom notes and dark web infrastructure. The group gained prominence in 2023 as a significant double extortion threat, incorporating Phobos ransomware components in their attacks.

This takedown follows recent successful operations against other major ransomware groups, including Hive, LockBit, and BlackCat. Additionally, Russian national Evgenii Ptitsyn, 42, identified as the Phobos ransomware administrator, was recently extradited to the United States.