
A coordinated international law enforcement operation has led to the arrest of two Russian nationals who allegedly operated the notorious 8Base ransomware group, with authorities seizing their dark web infrastructure and disrupting a criminal network that stole approximately $16 million from over 1,000 victims worldwide.
The U.S. Department of Justice identified the suspects as Roman Berezhnoy, 33, and Egor Nikolaevich Glebov, 39, who allegedly operated under the names "8Base" and "Affiliate 2803."
The operation, codenamed "Phobos Aetor," involved law enforcement agencies from 14 countries and resulted in dismantling more than 100 servers linked to the criminal enterprise.
According to court documents, the suspects are accused of deploying a variant of the Phobos ransomware, which has been targeting organizations since 2018.
Their victims included particularly vulnerable entities such as healthcare providers, educational institutions, and even a children's hospital. The group employed sophisticated double extortion tactics, not only encrypting victims' data but also threatening to publish stolen information if ransoms weren't paid.
The operation's technical phase, led by Bavarian police, successfully seized the gang's dark web portal. During coordinated raids in Thailand, authorities recovered substantial evidence, including dozens of cryptocurrency wallets, laptops, and smartphones.
The investigation revealed that the group operated a ransomware-as-a-service model, making their malicious tools accessible to various criminal actors.
Europol's European Cybercrime Centre (EC3) played a crucial coordinating role, facilitating the exchange of nearly 600 operational messages through its secure SIENA network and organizing 37 operational meetings.
This collaboration enabled authorities to prevent further attacks by warning over 400 potential victims of imminent ransomware threats. The operation involved significant support from Eurojust, which organized dedicated coordination meetings to assist with cross-border judicial cooperation.
The arrests follow a series of related enforcement actions, including the recent apprehension and extradition of Evgenii Ptitsyn, a Russian national charged with administering the Phobos ransomware variant.
Berezhnoy and Glebov now face an 11-count indictment, including charges of wire fraud conspiracy, computer fraud, and extortion. If convicted, they could face up to 20 years in prison for each wire fraud-related count.
The European-led investigation, supported by the UK's National Crime Agency (NCA) and other international partners, demonstrates the growing effectiveness of cross-border cooperation in combating cybercrime.
The investigation continues under the FBI's Baltimore Field Office, with support from multiple international partners and the U.S. Department of Defense Cyber Crime Center.