Panda Security Mediacenter

Hackers behind US ransomware attacks arrested in Thailand

After an international investigation led by US, UK, and Thai law enforcement agencies, two Russian individuals have been arrested in the party town of Phuket, Thailand. A statement released by the Department of Justice (DOJ) alleges that the hackers are part of a group with over a thousand victims worldwide, all affected by a version of the Phobos ransomware. The group has focused on individuals and small and medium businesses (SMBs) rather than large corporations. Regular folks and SMBs often lack proper cyber security, which makes them an appealing target for such groups.


Severe legal consequences for the hackers

The Thai party for the criminals is likely over: if convicted, the fraudsters will be facing prison sentences of up to 120 years and a possible extradition to the US. The men facing criminal charges have allegedly received over $16 million in ransomware payments over the last six years. The Russian hackers have been targeting businesses and individuals since 2018 and are responsible for hits on many sensitive institutions such as children’s hospitals, health care providers, and schools. Over the years, the cyber gang has been using a version of the Phobos ransomware and has been operating under various nicknames such as “Affiliate 2803” and “8Base”. The ransom that companies and individuals had to pay has ranged from $12k to $20k per incident.

Modus operandi of the cybercriminals

The group has been operating in a painfully familiar manner: sneaking their way into a company's or individual's computer network and copying sensitive information from servers. The fraudsters would then encrypt the files and demand a ransom from the victim in exchange for a decryption key. If the victims did not cooperate, the group would either try to sell the stolen information to the highest bidder or post the sensitive data on the dark web for everyone to see, in hopes of hurting the uncooperative victims.

Authorities dismantle the 8Base website   

In a coordinated effort, multiple government cyber security agencies seized the malicious 8Base website during the arrest. The logos on the main page of the now-defunct 8Base site include badges of the FBI, Europol, and the UK’s National Crime Agency. The 8Base group has been active for years, and Europol identified it, together with Phobos, as one of the most active ransomware groups of 2024.

This is not the first time authorities have arrested Phobos-affiliated hackers. Last year, the group’s administrator was arrested in South Korea and then extradited to the United States. He is currently facing charges. Other Phobos key figures were also arrested in Italy in 2023 at the request of French intelligence agencies. 

Extortion groups were responsible for over a billion dollars’ worth of damage in 2023, but over the last year, there has been a small decline in this type of crime as agencies have had a few wins in the fight against similar high-profile RaaS (Ransomware as a Service) gangs such as LockBit and ALPHV Blackcat.
