Date: 2025-02-10

The 8base ransomware gang’s data leak site was seized as part of an international law enforcement operation.

A law enforcement seizure notice appeared on the 8base page Monday morning, as noted by a security researcher known as cR0w. The notice states: “This hidden site and the criminal content have been seized by the Bavarian State Criminal Police Office on behalf of the Office of the Public Prosecutor General in Bamberg.”

The German Federal Office for Information Security (BSI) confirmed, in a reply to security researcher Kevin Beaumont, that the site was seized by Bavarian state police on behalf of the Office of the Public Prosecutor in Bamberg, Germany. A UK National Crime Agency (NCA) spokesperson also confirmed the takedown’s legitimacy to TechCrunch.

The seized 8base site now displays the logos of 15 different agencies including law enforcement from Germany, the United States, the Czech Republic, Japan, France, Switzerland, Belgium, Thailand, the United Kingdom, Spain and Romania, as well as the European Union Agency for Law Enforcement Cooperation (Europol).

SC Media reached out to the Federal Bureau of Investigation (FBI) for information about its role in the operation, and did not receive a response.

Coinciding with the appearance of the 8base seizure notice were the arrests of four Europeans in Thailand who are suspected of involvement in attacks leveraging Phobos ransomware, as reported by Thai newspaper Khaosod.

The suspects, two men and two women whose names and nationalities were not reported, were arrested at the request of Swiss and US authorities and are accused of using Phobos ransomware in attacks on 17 Swiss companies between 2023 and 2024, impacting more than 1,000 victims and costing companies approximately $16 million.

While the exact link between the arrests and the website seizure is unknown, the 8base group has been known to use a variant of Phobos ransomware since at least 2023. An analysis of 8base ransomware by Cisco Talos in November 2023 found that the 8base ransomware shared nearly 90% of its code with a Phobos sample from 2019.