Europol has just announced the arrest of the cybercriminals behind 8Base, a formidable gang specializing in ransomware attacks. European police arrested four cybercriminals of Russian origin during an international operation conducted jointly by 14 countries, including France and Belgium.
In the process, "27 servers linked to the criminal network" were seized. In its press release, Europol specifies that the arrested hackers are suspected of having led the 8Base group, which makes them the quartet at the head of the gang. For the moment, 8Base seems to have been completely dismantled. At the end of the international operation, the authorities were able to warn more than 400 companies worldwide of ongoing or planned ransomware attacks.
The links between 8Base and Phobos
The hackers are suspected, above all, of having "deployed a variant of the Phobos ransomware to extort high-value payments from victims across Europe and beyond". 8Base relied on a virus developed by Phobos, a group active since 2018, to orchestrate its attacks. The group designed its own version of the ransomware to encrypt its victims’ data. Between May 2019 and October 2024, the virus managed to extort $16 million in ransoms from its victims, according to the U.S. Department of Justice. It is also one of the most active ransomware strains of 2024.
According to Europol, Phobos primarily targets small and medium-sized businesses, which are often vulnerable due to their limited cybersecurity defenses. It also made money by offering its malware through a subscription to other cybercriminals. This is the famous ransomware-as-a-service (RaaS) model.
The 8Base gang stood out by taking advantage of Phobos’ infrastructure. In short, 8Base was one of Phobos’ affiliates. The group also stood out for a modus operandi that was “particularly aggressive in its double extortion tactics, not only by encrypting victims’ data, but also by threatening to publish the stolen information unless a ransom is paid.” This strategy, increasingly widespread among hackers, maximizes the chances that a company will pay a ransom without delay.
As Europol indicates, the arrest follows a series of major operations against the Phobos hackers. Last year, a Phobos administrator was arrested in South Korea, before being extradited to the United States. A few months earlier, one of his accomplices had already been arrested in Italy.
A Tense Climate for Ransomware
This new crackdown comes at a critical time for the ransomware world. Repeatedly hit by law enforcement, cybercriminals have seen a significant drop in their earnings. Last year, the amount of payments received by hackers fell by more than 30% compared to 2023.
With their backs to the wall, hackers have been forced to review their tactics, notably by using new strains of malware and becoming increasingly aggressive. In addition, many gangs are gradually focusing on entities in the healthcare sector, including hospitals. As guardians of sensitive data, hospitals are prime targets for criminals.
Source: Europol
