International authorities involved in a joint operation took down the 8Base ransomware gang.

Police from the FBI, NCA, Europol, and countries across Europe and Asia collaborated to find and arrest four suspects living in various locations. The gang, which first began in 2022, managed to steal around $16 million via ransomware scams over a two-year period.

In 2023, 8Base opened up a dark web portal that allowed them to post their data for other criminals to purchase. With over 1,000 victims under their belt in just a few years and an active dark web portal, the group was one of the most notorious cyber gangs in the world.

Its reputation was so strong that it was originally rumored that the group only pretended to be caught so it could silently escape. International authorities confirmed the arrest in a press release.

Authorities referred to the sting as Operation Phobos Aetor, referring to the fact that the hackers deployed the Phobos ransomware to more than 17 major Swiss companies and 1,000 individuals.

“Its Ransomware-as-a-Service (RaaS) model has made it particularly accessible to a range of criminal actors, from individual affiliates to structured criminal groups such as 8Base,” Europol explains. “The adaptability of this framework has allowed attackers to customize their ransomware campaigns with minimal technical expertise, further fuelling its widespread use.”

The sting resulted in the arrest of four Russian nationals. At least 20 pieces of evidence were found, including mobile phones, laptops, tablets, and digital wallets. In addition, the US Department of Justice (DoJ) unsealed criminal charges against Roman Berezhnoy and Egor Nikolaevich Glebov for their involvement with the Phobos ransomware strain.

US and Swiss authorities requested the extradition of all four suspects, as they are wanted on multiple counts of wire fraud, theft, and other crimes in both countries.

This takedown happened at the same time that international agencies, including Australia, sanctioned Zservers for helping facilitate ransomware attacks. In fact, it’s one of many that are taking place around the world as world governments have cracked down on destroying hacking groups.