An international operation, involving several countries including Belgium, has led to the arrest of four key figures from 8Base, one of the most active ransomware groups in 2024, European police agency Europol said on Tuesday.
"These individuals, all of Russian nationality, are suspected of having deployed a variant of the Phobos ransomware to extort large payments from victims across Europe and beyond," added Europol, which is based in The Hague (Netherlands).
Ransomware is a form of digital blackmail in which hackers encrypt the data of victims (individuals, companies or institutions), blocking access to their devices or files, and then demanding money to put things right.
First detected in December 2018, Phobos ransomware has been frequently used in attacks against small and medium-sized enterprises (SMEs) or organisations, according to Europol. These types of enterprises often lack cybersecurity defences.
Taking advantage of Phobos' infrastructure, 8Base has developed its own variant of the ransomware, using its encryption and distribution mechanisms for maximum impact.
Last week's operation involved 14 countries including Belgium. It allowed authorities to warn over 400 companies worldwide of ongoing or imminent ransomware attacks.
