Thai police arrest four European hackers involved in a $16 million ransomware scheme using Phobos malware, targeting Swiss companies.
In a significant breakthrough against cybercrime, Thai police have arrested four European hackers in Phuket, accused of orchestrating a series of ransomware attacks that caused an estimated $16 million in losses. The suspects, wanted by authorities in Switzerland and the United States, were apprehended during a coordinated operation across multiple locations on the island.
The operation, dubbed "Operation PHOBOS AETOR," was executed by the Cyber Crime Investigation Bureau, under the leadership of Lieutenant General Trairong Phiwphan. The police collaborated with immigration and regional police forces to carry out the arrests. During the raids, authorities seized more than 40 electronic devices, including mobile phones, laptops, and digital wallets, which are believed to contain crucial evidence related to the cybercrimes.
The suspects, two men and two women, face serious charges, including conspiracy to commit crimes against the United States and conspiracy to commit wire fraud. Their arrest was made possible through international cooperation, with the arrest warrants from the requesting countries circulated via Interpol.
The Phobos ransomware gang is accused of targeting 17 Swiss companies between April 30, 2023, and October 26, 2024. The hackers gained unauthorized access to the victims' networks, encrypting files and stealing sensitive data. They demanded ransoms in cryptocurrency, threatening to publish the stolen information if their demands were not met.
To obscure the trail of their illicit gains, the group passed ransom payments through cryptocurrency mixing services, complicating efforts to trace the funds. Across the wider Phobos operation, damages are estimated at around $16 million, affecting more than 1,000 victims worldwide.
Phobos ransomware is a malware family that encrypts files on infected systems and demands a ransom for their recovery. It is derived from the Dharma ransomware and shares many of its characteristics, but differs in how it is distributed and in how ransom demands are tailored to each victim.
Key features of Phobos ransomware include:
At the time of writing, there is no free, publicly available decryptor for files encrypted by Phobos. Prevention is therefore crucial: secure remote access (exposed remote desktop services are a common ransomware entry point), use strong, unique passwords, keep systems patched, and maintain offline backups that an intruder on the network cannot reach or encrypt.
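The remote-access hardening mentioned above is easier to act on with a concrete check. The following PowerShell audit is an added example written for this page; it is not code from the article or from any law-enforcement source, and it does not detect Phobos itself. It reports the Windows RDP settings that ransomware operators typically abuse: RDP enabled when it need not be, Network Level Authentication switched off, inbound RDP firewall rules open to any address, and no account lockout policy to slow password guessing. It assumes an elevated PowerShell session on a Windows host with the NetSecurity module, an English-language `net accounts` output, and a placeholder management subnet of 10.0.0.0/24 that you would replace with your own.

```powershell
# Added example (not from the article): audit remote-access settings on a Windows host.
# Assumptions: run as Administrator; NetSecurity module present (Windows 8/2012+);
# English locale for the 'net accounts' text; 10.0.0.0/24 is a placeholder subnet.

$findings = @()
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

# 1. Is RDP enabled at all? fDenyTSConnections = 1 means connections are refused.
$ts = Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue
if ($ts -and $ts.fDenyTSConnections -eq 0) {
    $findings += 'RDP is enabled; confirm this host actually needs it.'
}

# 2. Network Level Authentication requires valid credentials before a session is
#    created, so unauthenticated attackers never reach the full RDP stack.
$nla = Get-ItemProperty -Path $rdpKey -Name UserAuthentication -ErrorAction SilentlyContinue
if (-not $nla -or $nla.UserAuthentication -ne 1) {
    $findings += "NLA is off; fix: Set-ItemProperty -Path '$rdpKey' -Name UserAuthentication -Value 1"
}

# 3. Inbound RDP firewall rules should be scoped to a management subnet, not 'Any'.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True -Direction Inbound -ErrorAction SilentlyContinue |
    ForEach-Object {
        $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        if ($remote -contains 'Any') {
            $findings += "Rule '$($_.DisplayName)' accepts RDP from Any; fix: " +
                         "Set-NetFirewallRule -Name '$($_.Name)' -RemoteAddress 10.0.0.0/24"
        }
    }

# 4. Account lockout is what makes password spraying against RDP expensive.
#    'net accounts' prints 'Lockout threshold: Never' when no policy is set.
$lockoutLine = (net accounts | Out-String) -split "`r?`n" | Where-Object { $_ -match 'Lockout threshold' }
if ($lockoutLine -match 'Never') {
    $findings += 'No account lockout threshold; fix: net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30'
}

if ($findings.Count -eq 0) { 'No remote-access findings.' } else { $findings }
```

Run it on each internet-reachable Windows host and treat every finding as a ticket; on a host that must expose RDP, the firewall scoping and lockout checks are the ones that matter most, and placing the service behind a VPN or gateway rather than on a public port removes the exposure entirely.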
The arrest of the Phobos ransomware gang marks a significant victory in the ongoing battle against cybercrime. As authorities continue to investigate, the case highlights the importance of international cooperation in tackling transnational criminal organizations and the need for robust cybersecurity measures to protect against such threats.