Two Russian Nationals Arrested in Thailand for Ties to 8Base Ransomware Group
Two Russian citizens have been arrested in Thailand for their involvement in over 1,000 ransomware attacks. Their capture was part of a large-scale international operation named Phobos Aetor, referring to the encryption tool used by the criminals. The operation was carried out with the cooperation of law enforcement agencies from 14 countries, including the FBI and Europol.
The first reports of the arrests came from Thai police, who acted on a request from Switzerland. In addition to the two Russians, authorities also detained two European nationals residing in Phuket. According to officials, the cybercriminals’ activities caused an estimated $16 million in damages. On the same day, websites linked to the 8Base group—where the suspects were active—went offline. Later, Europol announced it had seized 27 servers connected to the organization.
Shortly after the arrests, the U.S. Department of Justice formally charged the two Russian nationals with 11 counts of cyber-related crimes. Their identities were revealed as 33-year-old Roman Berezhnoi and 39-year-old Yegor Glebov. According to U.S. authorities, they were key operators of both 8Base and Affiliate 2803, which carried out ransomware attacks using the Phobos malware.
Additionally, the Justice Department directly linked the arrested individuals to Yevgeny Ptitsyn, another Russian citizen believed by the U.S. to be a primary figure behind Phobos ransomware. Ptitsyn was extradited to the United States from South Korea in November 2024.
