Four European hackers have been arrested in Phuket by Cybercrime Police for allegedly stealing $16 million through ransomware attacks that targeted over 1,000 victims globally. The four are wanted on Interpol Red Warrants from Switzerland and the United States.
The arrests, part of “Operation PHOBOS AETOR,” were carried out on February 10 by officers from the Cybercrime Investigation Bureau, led by Police Lieutenant General Trairong Phiwphan. The operation was conducted with support from Immigration Police and Region 8 Police.
The suspects—two men and two women—were apprehended at four sites in Phuket: Mono Soi Palai, Supalai Palm Spring, Supalai Vista Phuket, and Phyll Phuket x Phuketique Phyll.
During the raids, police confiscated over 40 items, including mobile phones, laptops, and digital wallets. The suspects now face charges of Conspiracy to Commit an Offense Against the United States and Conspiracy to Commit Wire Fraud.
The arrests followed a request for international assistance from Swiss authorities and the FBI. Interpol had issued warrants for the hackers, who were believed to be part of a transnational criminal network operating in Thailand.
The hackers are accused of using ransomware to attack 17 Swiss companies between April 30, 2023, and October 26, 2024. Their methods included hacking victims’ systems, stealing data, and encrypting files.
They demanded cryptocurrency payments for decryption keys and threatened to release the stolen data if ransoms weren’t paid. To hide their tracks, they used cryptocurrency mixers to obscure transaction records.
The ransomware attacks are believed to have impacted over 1,000 victims worldwide, with total losses estimated at $16 million (approx. 560 million baht). Although the suspects remain in custody, their identities have not been revealed as the investigation continues.
On Monday, law enforcement agencies also took down the leak site for the 8Base ransomware group and replaced it with a notice. The takedown occurred just hours after the arrests in Phuket.
8Base, a newer ransomware operation, gained momentum in mid-2023. The group had claimed responsibility for major attacks, including breaches at the United Nations Development Programme, the Atlantic States Marine Fisheries Commission, and a Canadian agency managing dental benefit plans for disabled individuals in Alberta.
While 8Base appeared new, cybersecurity researchers from VMware suggested it showed the hallmarks of an experienced organization. Other experts linked the group to ransomware hackers like RansomHouse and Phobos, pointing to possible ties with established criminal networks.
8Base ransomware targets businesses and encrypts data to demand a ransom. It often gains access through phishing emails, exposed remote services, or other vulnerabilities.
Known for its fast attacks, 8Base is associated with double extortion tactics, meaning attackers encrypt data and threaten to publish it unless paid. 8Base uses encryption algorithms to lock files and leaves ransom notes with contact details for negotiations.
Victims are usually small- to medium-sized businesses, though larger organizations aren’t immune. Regular backups, software updates, and employee awareness are crucial for protecting against this type of ransomware.
Geoff Thomas is an award-winning journalist known for his sharp insights and no-nonsense reporting style. Over the years, he has worked for Reuters and the Canadian Press, covering everything from political scandals to human interest stories. He brings a clear and direct approach to his work.