A coordinated international law enforcement effort has dismantled the dark web data leak and negotiation sites linked to the 8Base ransomware gang. Visitors to the seized sites now see a banner from the Bavarian State Criminal Police Office announcing the takedown.

The operation involved agencies from the U.K., U.S., Germany, France, Spain, Switzerland, Thailand, and others. Thai media reports indicate that four European nationals—two men and two women—were arrested in separate locations on Monday as part of Operation Phobos Aetor. Officials seized over 40 pieces of digital evidence, including mobile phones, laptops, and cryptocurrency wallets.

Authorities allege the suspects deployed Phobos ransomware against 17 Swiss companies between April 2023 and October 2024, amassing $16 million from over 1,000 global victims. Research has linked 8Base, a major double extortion player since 2023, to Phobos ransomware, with VMware detecting an encryption pattern using the “.8base” extension.