
Two Russian Hackers Arrested for Large-Scale Ransomware Attacks

Authorities in the United States have charged two Russian nationals with carrying out widespread cyberattacks using Phobos ransomware. The suspects, Roman Berezhnoy (33) and Egor Nikolaevich Glebov (39), were arrested in Thailand for allegedly orchestrating more than a thousand attacks worldwide.  

Cybercriminals Behind the Phobos Ransomware Attacks 

According to the U.S. Department of Justice (DoJ), both men were actively involved in cybercrime from 2019 to 2024. They were linked to two hacking groups known as "8Base" and "Affiliate 2803," which were responsible for spreading Phobos ransomware.  

Their method of attack involved infiltrating computer networks, stealing important files, and encrypting them using ransomware. Victims were then left with no access to their own data unless they paid a ransom. If payments were not made, the attackers allegedly threatened to leak sensitive information to the public or to the organizations’ clients and partners.  

Legal Charges and Possible Consequences

The two men now face multiple serious charges, including:  

1. Fraud involving online transactions  

2. Hacking into protected systems  

3. Intentional damage to computer networks  

4. Extortion through cyber threats  

If found guilty, the penalties could be severe. Wire fraud charges alone could lead to a 20-year prison sentence, while hacking-related crimes carry additional penalties of up to 10 years.  

International Crackdown on Ransomware Operations

In a coordinated effort, Europol and other international agencies have shut down 27 servers used by the 8Base ransomware group. This action has significantly disrupted the cybercriminal network.  

Authorities also revealed that a previous arrest in Italy in 2023 helped law enforcement gather intelligence on Phobos ransomware operations. This intelligence allowed them to prevent over 400 potential cyberattacks and take down key infrastructure used by the hackers.  

What This Means for Cybersecurity

Phobos ransomware has been a major cyber threat since 2018, targeting businesses and organizations worldwide. While these arrests and crackdowns have weakened the group, it is uncertain whether this will fully eliminate their operations.  

This case highlights the growing efforts by global law enforcement agencies to combat cybercrime. Businesses and individuals are urged to remain cautious, implement strong security measures, and stay informed about evolving cyber threats.  


Global Crackdown on Phobos Ransomware, Two Arrested

A major international police operation has resulted in the arrest of two individuals suspected of carrying out ransomware attacks worldwide. The operation also led to the takedown of dark web platforms associated with a notorious cybercrime group.  

Suspects Arrested in Thailand

Law enforcement authorities apprehended two Russian nationals in Phuket, Thailand, accusing them of orchestrating cyberattacks on businesses and institutions across multiple countries. Reports suggest that their activities led to financial losses amounting to millions of dollars, with ransom payments made in cryptocurrency.  

The investigation was conducted in collaboration with Swiss authorities, who have requested the extradition of the suspects. Officials believe that these individuals were behind ransomware attacks on at least 17 Swiss organizations between April 2023 and October 2024.  

How the Cyberattacks Were Carried Out

The hackers allegedly infiltrated computer networks, encrypting crucial data and demanding payment in digital currency in exchange for restoration. Victims who refused to pay faced the risk of having their sensitive information leaked online.  

Authorities revealed that the attackers used Phobos ransomware, a type of malicious software designed to lock files and prevent access unless a ransom is paid. Over time, the hackers are believed to have amassed around $16 million from their victims.  

To make tracking difficult, the ransom payments were processed through cryptocurrency mixing services, which obscure transaction details and the final destination of funds.  

Dark Web Platforms Shut Down

In a simultaneous effort, law enforcement agencies also took control of websites used by the 8Base ransomware group. These platforms functioned as communication hubs where cybercriminals engaged with victims, demanded ransoms, and published stolen data when their demands were not met.  

Now, visitors attempting to access these sites see a law enforcement notice confirming that they have been seized. The operation was an international effort, with agencies from Europe, the United States, and Asia working together to dismantle the group's online infrastructure.  

Who Are the 8Base Hackers?

The 8Base cybercriminal group surfaced in early 2022 but remained relatively unnoticed until mid-2023, when they intensified their ransomware operations. While they publicly identified themselves as "ethical hackers" conducting penetration testing, cybersecurity experts argue that their activities were anything but legal.  

Some researchers suspect that 8Base could be linked to an older ransomware group, as their ransom notes and data leak strategies resemble those used by another criminal organization. However, this connection has yet to be verified.  

How Their Ransomware Worked

Once inside a company's system, these hackers moved through different devices, gaining deeper access to networks. Their ultimate goal was to control the central system managing all devices. When they achieved this, they deployed Phobos ransomware, encrypting files and appending .8base or .eight extensions to the locked data.  

Victims would then receive a ransom note demanding a payment, sometimes reaching millions of dollars, to restore access and prevent public data leaks.  
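As an added, defender-side illustration (not code from the article or from any agency or vendor it cites), the Python below scans a file-write audit log for bursts of files carrying the .8base or .eight extensions described above and flags the host writing them; the log format, time window and threshold are assumptions a SOC would tune to its own telemetry.

```python
"""Flag hosts that write a burst of files with the extensions the 8Base /
Phobos operation appends (.8base, .eight).

Constructed example: the audit-log format (ISO timestamp, host, path),
the 60-second window and the threshold of 3 files are assumptions.
"""
import os
from collections import defaultdict
from datetime import datetime, timedelta

# Extensions the article reports being appended to encrypted files.
RANSOM_EXTENSIONS = {".8base", ".eight"}

# Constructed sample audit events, one per line: "<timestamp> <host> <path>".
SAMPLE_EVENTS = """\
2023-06-12T02:14:01 fs01 C:\\Shares\\Finance\\q2.xlsx.8base
2023-06-12T02:14:02 fs01 C:\\Shares\\Finance\\q3.xlsx.8base
2023-06-12T02:14:02 fs01 C:\\Shares\\HR\\payroll.docx.eight
2023-06-12T02:14:03 fs01 C:\\Shares\\HR\\staff.docx.8base
2023-06-12T02:14:04 fs01 C:\\Shares\\HR\\readme.txt
2023-06-12T09:30:00 ws07 C:\\Users\\alice\\notes.txt
2023-06-12T09:31:00 ws07 C:\\Users\\alice\\old.bak.eight
"""


def has_ransom_extension(path):
    """True when the final extension of the path is one of the known markers."""
    return os.path.splitext(path)[1].lower() in RANSOM_EXTENSIONS


def detect_bursts(log_text, window=timedelta(seconds=60), threshold=3):
    """Return {host: max_files_in_window} for hosts that wrote at least
    `threshold` ransom-extension files within any `window`-long span."""
    per_host = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, path = line.split(" ", 2)
        if has_ransom_extension(path):
            per_host[host].append(datetime.fromisoformat(ts))

    alerts = {}
    for host, times in per_host.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):          # sliding window over timestamps
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[host] = best
    return alerts


if __name__ == "__main__":
    print(detect_bursts(SAMPLE_EVENTS))  # {'fs01': 4}
```

A single stray .eight file (ws07 above) stays below the threshold; a burst on a file server is the pattern worth an alert and an isolation decision.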

Cyberattacks like these have severe financial and operational consequences for businesses, hospitals, and governments. In 2023, authorities warned that 8Base was increasingly targeting healthcare organizations, raising concerns over the security of sensitive medical records.  

This recent crackdown represents a substantial step in combating ransomware threats, but experts warn that cybercriminals are constantly developing their tactics.

8Base Ransomware: Researchers Raise Concerns Over its Increased Activities


The 8Base ransomware group has maintained a covert presence, avoiding detection for over a year. However, a recent investigation into the ransomware revealed a significant rise in its operations during May and June. It has been established that the group has been active since at least March 2022. The threat group labels itself “simple pentesters,” indicating a basic level of proficiency in penetration testing.

Details of the 8Base

According to research conducted by Malwarebytes and NCC Group, as of May the ransomware group may have been linked to a total of 67 attacks. The manufacturing, construction, and business services industries together account for around half of the affected firms. The targeted firms are primarily located in the United States and Brazil, indicating a geographic focus by the threat group. 

June saw a significant surge in ransomware activity. Notably, the operators used a double extortion tactic, which raised the stakes for their victims.

So far, 35 identified victims have been listed on the 8Base-affiliated dark web extortion site, and on some days as many as six companies have been listed at once.

According to the VMware Carbon Black team, based on its recent activity and the similarities in its ransom notes, leak-site content, and identical FAQ pages, 8Base could be a rebranding of the well-known ‘RansomHouse’ ransomware group. RansomHouse, however, openly advertises its partnership programme, while 8Base does not.

The VMware researchers also discovered a Phobos ransomware sample that used the “.8base” file extension, indicating that 8Base could be a successor of, or is using, the existing Phobos strain.

The researchers concluded that the efficient operations conducted by the 8Base ransomware group may continue to grow, which could signal the emergence of a mature organization. However, it is not yet clear whether the group is based on Phobos or RansomHouse.

For now, there is speculation about 8Base's use of various ransomware strains, whether in earlier iterations or as a core component of its typical mode of operation. It is well established, however, that the group is very active and concentrates on smaller firms as a significant target.