News
Four key members of the Russian hacker group 8Base, one of the most active ransomware gangs of 2024, have been arrested in a joint international operation supported by Europol and Eurojust. According to a statement on Europol’s website, all detainees are Russian nationals and are suspected of deploying the Phobos ransomware to extort large sums from victims across Europe and elsewhere. 27 servers linked to the criminal network were also taken down as part of the operation.
The U.S. Department of Justice identified two of the arrested individuals as 33-year-old Roman Berezhnoy and 39-year-old Egor Glebov. If convicted, Berezhnoy and Glebov face up to 20 years in prison for each proven instance of cyber fraud and up to 10 years for each confirmed hacking offense. The charges include 11 cases of cyberattacks.
According to U.S. law enforcement, more than 1,000 companies and individuals in the United States alone have fallen victim to 8Base. Globally, the group is estimated to have extorted at least $16 million in ransom payments.
Cybersecurity researchers believe 8Base began operating in March 2022, with a peak in activity during the summer of 2023. The group used Phobos ransomware in order to target Western financial and IT firms, as well as healthcare institutions and hotels. Threat analysts note that 8Base and Phobos have been widely used in cyberattacks against small and medium-sized businesses, which often lack sufficient cybersecurity defenses.
Phobos operates under a “Ransomware-as-a-Service” (RaaS) model, commonly used by hackers. Under this system, individuals or groups looking to launch ransomware attacks purchase access to Phobos from its developers. In return, they give a share of the ransom payments to the administrators following a successful attack. This model has made Phobos easily accessible to cybercriminals, fueling its widespread use.
Security experts note that 8Base's methods and tactics closely resemble those of other major ransomware groups, such as RansomHouse. The use of Phobos suggests that 8Base remains adaptable in selecting tools for its operations, enabling it to target a broad range of victims. Analysts warn that 8Base remains a major player in the cybercrime landscape, with the potential to expand its operations as long as conditions remain favorable.