International law enforcement takes down 8Base ransomware gang

Illustration: Aïda Amer/Axios
International law enforcement has arrested four people suspected of leading the 8Base ransomware gang and has seized 27 of their servers, according to a Europol news release today.
Why it matters: The arrests and web server seizures deal a serious blow to the ransomware gang, which has targeted organizations primarily in the U.S. and Brazil, including the United Nations Development Programme.
Driving the news: Security researchers noticed Monday that 8Base's dark-web data leak site had a seizure notice from law enforcement agencies in Europe, Japan, the U.S. and the United Kingdom.
- "This hidden site has been seized," the notice reads.
Zoom in: Four suspected hackers were arrested in Thailand as part of the operation, according to Bavarian police.
- Europol says law enforcement has warned more than 400 companies worldwide about ongoing or imminent 8Base ransomware attacks because of the investigation.
- Law enforcement in 14 countries, including the U.S., assisted in the investigation.
Catch up quick: 8Base has been connected to ransomware attacks as far back as 2022, and the gang is known for a double-extortion model where it pressures victims to pay twice — once for a decryption key and a second time to keep hackers from publishing stolen data.
- The gang is considered the largest affiliate of the Phobos ransomware gang, according to Bavarian police. Phobos operates under a ransomware-as-a-service model, where operators license their malware to freelance hackers for their own attacks.
- 8Base has targeted organizations in the manufacturing, technology, education, financial and transportation sectors over the years.
The big picture: Arrests of top ransomware operators are rare.
- Many ransomware hackers are based in Russia, and the Kremlin is unlikely to extradite any of them.
- This is why law enforcement also focuses on seizing servers: Taking down gangs' online infrastructure removes the forums where they boast about attacks, recruit new members and host their malware.
Yes, but: Ransomware gangs often can bounce back from these takedowns — even though it does take some time.
