Global Crackdown: Two Russian Hackers Behind $16M Phobos Ransomware Scheme Arrested in Thailand

Global Operation Takes Down Phobos Ransomware Gang

In a major cybersecurity breakthrough, law enforcement agencies worldwide have successfully apprehended two Russian nationals in Phuket, Thailand, linked to the notorious Phobos ransomware operation. The suspects are accused of orchestrating cyberattacks against more than 1,000 victims globally, amassing approximately $16 million in Bitcoin through extortion.

Operation “Phobos Aetor,” a coordinated effort involving multiple countries, led to raids across four locations, resulting in the seizure of critical evidence including laptops, smartphones, and cryptocurrency wallets. The suspects, currently awaiting extradition to Switzerland, allegedly targeted at least 17 Swiss companies between April 2023 and October 2024.

In a parallel development, authorities seized the dark web infrastructure of the 8Base ransomware operation and displayed seizure notices on its negotiation and data leak sites. The operation involved law enforcement agencies from Thailand, Romania, Germany, Switzerland, Japan, the USA, and several European countries, with support from Europol.

8Base, operational since March 2022, gained notoriety for targeting small and medium-sized businesses worldwide, particularly in the United States, Brazil, and the United Kingdom. The group employed sophisticated tactics, including data theft and encryption, demanding substantial ransoms in cryptocurrency. Notable victims included Nidec Corporation and the United Nations Development Programme.

The group specifically avoided targeting ex-Soviet or CIS countries, a characteristic pattern observed among Russian-speaking cyber threat actors. The operation utilized the Phobos ransomware encryptor, marking files with .8base or .eight extensions and demanding ransoms ranging from hundreds of thousands to millions of dollars.

This international operation represents a significant victory in the ongoing battle against ransomware operations and cybercrime.
