Police arrests 2 Phobos ransomware suspects, seizes 8Base sites

A global law enforcement operation targeting the Phobos ransomware gang has led to the arrest of two suspected hackers in Phuket, Thailand, and the seizure of 8Base's dark web sites. The suspects are accused of conducting cyberattacks on over 1,000 victims worldwide.

The arrested individuals, two Russian men, reportedly extorted $16,000,000 worth of Bitcoin from their victims over the years.

The police operation, codenamed "Phobos Aetor," led to coordinated raids across four locations, where laptops, smartphones, and cryptocurrency wallets were seized for forensic analysis.

The arrests were made at the request of the Swiss authorities, who have asked the Thai government to extradite the suspects.

According to local media reports, the four hackers are said to have conducted ransomware attacks against at least 17 Swiss companies between April 2023 and October 2024.

During the attacks, the threat actors breached corporate networks to steal data and encrypt files. The threat actors then demanded payments in cryptocurrency to provide the decryption keys and prevent the public release of data.

The ransom payments were laundered on cryptocurrency mixing platforms, making it harder for law enforcement to track their final wallet.

Today, the dark web sites for the 8Base ransomware operation were also seized in what appears to be the same operation.

The 8Base ransomware gang's negotiation and data leak sites now show a seizure message stating, "THIS HIDDEN SITE HAS BEEN SEIZED. This hidden site and the criminal content have been seized by the Bavarian State Criminal Police Office on behalf of the Office of the Public Prosecutor General in Bamberg."

The seizure message also indicates that Operation Phobos Aetor involved Thailand, Romania, Bavaria, Germany, Switzerland, Japan, USA, Europol, Czechia, Spain, France, Belgium, and the United Kingdom.

When asked about the legitimacy of the seizure message, Europol told BleepingComputer, "Europol is supporting an international operation against a ransomware group."

The United Kingdom National Crime Agency (NCA) also confirmed to BleepingComputer they played a supportive role on the operation.

BleepingComputer has confirmed that both the 8Base operation's data leak and negotiation sites were seized as part of the global law enforcement operation.

8Base is a ransomware group that launched in March 2022, staying relatively quiet until June 2023, when it suddenly began leaking data for many victims.

Describing themselves as "simple pentesters," the ransomware gang's activities and sophistication indicated that they were possibly a rebrand of another operation or comprised of experienced hackers.

VMware reported that the gang shares many similarities with RansomHouse, including the style of the ransom notes and the data leak site, but it has not been confirmed they are the same group.

Like other ransomware operations, 8Base would breach corporate networks and quietly spread laterally through devices while stealing corporate data. When they gained access to the domain controller, the threat actors would encrypt devices using the Phobos ransomware encryptor.

When encrypting files, the ransomware appends either the .8base or .eight extension to encrypted files.

During this process, ransom notes are created that demand a ransom payment ranging between hundreds of thousands of dollars to millions in return for a decryption key and the promise to delete and not publish stolen data.

In 2023, the United States Department of Health and Human Services warned that the 8Base operators were targeting organizations worldwide, including those in the healthcare sector.

"According to the group's attacks, 8Base mostly targets SMB companies based in the United States, Brazil, and the United Kingdom. Other affected countries include Australia, Germany, Canada, and China, amongst others. Notably, no ex-Soviet or CIS countries have been targeted," explains the HHS bulletin.

"While no known correlation to Russia or other Russian-speaking RaaS groups or affiliates exists, this geographic exclusionary pattern is a hallmark for many Russian-speaking threat actors."

Some high-profile victims of the ransomware gang include Nidec Corporation, a Japanese tech giant with a revenue of $11 billion, and the United Nations Development Programme (UNDP).

Update 2/11/25: Title and story changed to reflect that it was two Russian nationals arrested after more information was released by law enforcement.

Reader comment: "every scumbag counts, great to see"