Two Russian nationals, Roman Berezhnoy (33) and Egor Nikolaevich Glebov (39), were arrested in Phuket, Thailand, for their involvement in over 1,000 cyberattacks using the Phobos ransomware strain. The U.S. Department of Justice has charged them with 11 counts of cybercrime.

Operating as “8Base” and “Affiliate 2803” between May 2019 and October 2024, the suspects allegedly:
– Infiltrated victim networks
– Stole sensitive data
– Encrypted systems with Phobos ransomware
– Extorted victims for ransom payments
– Threatened to expose stolen data publicly

The charges include:
– Wire fraud conspiracy
– Computer fraud and abuse
– Intentional damage to protected computers
– Extortion
– Unauthorized access to protected systems

If convicted, they face up to 20 years for wire fraud charges and additional penalties for other counts.

In a parallel operation, Europol dismantled 27 servers linked to the 8Base ransomware group. The agency’s infiltration of Phobos operations, following a key arrest in Italy in 2023, enabled them to warn over 400 companies about potential attacks.

The operation marks a significant disruption to Phobos, which has been active since December 2018, though the full impact of these law enforcement actions remains to be determined.