
Authorities arrest four suspected 8base ransomware operators in global takedown 

A global law enforcement operation has led to the arrest of four Russian nationals, who authorities accuse of involvement in more than 1,000 ransomware attacks worldwide.

The operation, named “Phobos Aetor,” saw four suspected hackers arrested in Phuket, Thailand, according to Bavarian police. The four individuals have been linked to the 8base ransomware group, which authorities say is the largest affiliate of the Phobos ransomware-as-a-service operation.

Phobos has long been linked to the 8base data extortion gang, which also saw its dark web leak site seized as part of the operation.

The Justice Department on Tuesday unsealed charges against two of the suspects, Roman Berezhnoy, 33, and Egor Nikolaevich Glebov, 39, who stand accused of operating the 8base ransomware affiliate organization, which “victimized public and private entities through the deployment of Phobos ransomware.”

The FBI last year warned that Phobos had been used in attacks targeting local governments, emergency services, public healthcare, and other critical infrastructure entities across the United States.

According to Europol, 8base not only used the Phobos ransomware in its attacks but also took advantage of Phobos’ infrastructure to develop its own variant of the ransomware.

Authorities have seized more than 40 pieces of evidence, including mobile phones, laptops, and digital wallets, and taken down more than 100 servers linked to the criminal network, according to the Justice Department. Europol notes that authorities were able to warn more than 400 companies of “ongoing or imminent ransomware attacks.”


Last year, the U.S. government said it had secured the extradition of a Russian hacker who allegedly served as a key administrator of the prolific Phobos ransomware operation. Another Phobos affiliate was arrested in Italy in 2023 on a French arrest warrant.

Corrected the day that DOJ unsealed charges, due to editor’s error. ZW
