
Global police operation seizes 8base ransomware gang leak site

A group of international law enforcement agencies has seized the dark web leak site of the 8base ransomware gang as part of a takedown operation.

“This hidden site and the criminal content have been seized by the Bavarian State Criminal Police Office on behalf of the Office of the Public Prosecutor General in Bamberg,” reads a message on the gang’s dark web leak site, which TechCrunch has seen.

According to the seizure message, law enforcement agencies from Europe, Japan, the U.S., and the U.K. were involved in the takedown operation.

A law enforcement seizure notice on 8base’s dark web leak site. Image Credits: TechCrunch (screenshot)

Lucy Sneddon, a spokesperson for the U.K.’s National Crime Agency (NCA), confirmed the legitimacy of the takedown message in an email to TechCrunch. The U.K. played a “supportive role” in the operation, the agency said.

Representatives from the other law enforcement agencies involved in the takedown did not immediately respond to TechCrunch’s questions. 

Security researchers first noticed the seizure notice on Monday.

The ransomware gang is a financially motivated hacking group first observed in 2022. The group, which security experts have linked to the RansomHouse extortion group, is known for employing double-extortion tactics, in which criminals encrypt sensitive information and then threaten to expose it if the victim does not pay a ransom demand.

In 2023, the U.S. government warned that the 8base gang focused its “indiscriminate targeting” on multiple sectors primarily across the United States, including healthcare. The gang also claimed responsibility for a cyberattack on the United Nations Development Programme last year. 

In a message on its dark web leak site prior to this week’s takedown, 8base described itself as “honest and simple pentesters.” Much like the prolific Clop ransomware gang, 8base claimed to only target organizations that have “neglected the privacy and importance of the data of their employees and customers.”

Various strains of ransomware are known to be used in 8base’s attacks, including Phobos. The U.S. government last year secured the extradition of an alleged Russian hacker who allegedly served as a key administrator of the prolific Phobos ransomware operation.
