A global law enforcement operation has led to the arrest of four Russian nationals, who authorities accuse of involvement in more than 1,000 ransomware attacks worldwide.
The operation, named “Phobos Aetor,” saw four suspected hackers arrested in Phuket, Thailand, according to Bavarian police. The four individuals have been linked to the 8base ransomware group, which authorities say is the largest affiliate of the Phobos ransomware-as-a-service operation.
Phobos has long been linked to the 8base data extortion gang, which also saw its dark web leak site seized as part of the operation.
The Justice Department on Wednesday unsealed charges against two of the suspects, named as Roman Berezhnoy, 33, and Egor Nikolaevich Glebov, 39, who stand accused of operating the 8base ransomware affiliate organization, which “victimized public and private entities through the deployment of Phobos ransomware.”
The FBI last year warned that Phobos had been used in attacks targeting local governments, emergency services, public healthcare, and other critical infrastructure entities across the United States.
According to Europol, 8base not only used the Phobos ransomware in its attacks but also took advantage of Phobos’ infrastructure to develop its own variant of the ransomware.
The four suspects are accused of amassing $16 million through ransomware attacks, including 17 organizations in Switzerland.
Authorities say they have seized more than 40 pieces of evidence, including mobile phones, laptops, and digital wallets, and took down more than 100 servers linked to the criminal network, according to the Justice Department, Europol notes that authorities were able to able to warn more than 400 companies of “ongoing or imminent ransomware attacks.”
Last year, the U.S. government said it had secured the extradition of an alleged Russian hacker who allegedly served as a key administrator of the prolific Phobos ransomware operation. Another Phobos affiliate was arrested in Italy in 2023 on a French arrest warrant.
