PARIS (Reuters) – Four Russian nationals, who were suspected of deploying a variant of Phobos ransomware to extort payments from people in Europe and beyond, were arrested last week, the pan-European police agency Europol said on Tuesday.
Coordinated action involving law enforcement agencies from 14 countries led to the arrest of the four individuals who led the 8Base ransomware group, and 27 servers linked to the criminal network were taken down, the Europol statement said.
The crackdown follows a series of important arrests targeting Phobos ransomware. Those arrests allowed law enforcement to warn more than 400 companies worldwide of ongoing or imminent ransomware attacks.
In June 2024, an administrator of Phobos was arrested in South Korea and extradited to the United States in November. He faces prosecution over ransomware attacks that encrypted critical infrastructure, business systems, and personal data for ransom.
A key Phobos affiliate was arrested in Italy in 2023 on a French arrest warrant, further weakening the network behind this ransomware strain, Europol said.
Phobos ransomware is often used against small to medium-sized businesses, which may lack cybersecurity defences.
(Reporting by Dominique Vidalon; Editing by Bernadette Baum)
