Russians Arrested in Thailand for Stealing $16.5M in Bitcoin

Police in Phuket, Thailand have arrested four Russian nationals suspected of carrying out cyberattacks using ransomware, targeting over 1,000 companies and causing damages totaling $16.5 million.

Earlier today we made a post regarding the arrest of 8base ransomware group. We have deleted that post due to misinformation. This is a correction post.

Note: Our original source of the 8base ransomware group takedown was incorrect. Thank you to "Deleted Account" (their name,… pic.twitter.com/nQgiR3dFQ4

— vx-underground (@vxunderground) February 11, 2025

Authorities seized more than 40 pieces of evidence, including laptops, smartphones, and digital wallets belonging to the suspects. They have been charged with electronic fraud and conspiracy to commit crimes against the United States.

According to Cyber Crime Investigation Bureau Commissioner Trairong Phiefan, Swiss authorities have requested the suspects’ extradition. The hackers allegedly breached 17 Swiss firms between April 2023 and October 2024, stealing significant amounts in Bitcoin.

The operation was coordinated by Europol, which described the arrested individuals as key members of the 8Base ransomware group.

🚨 Major international operation targets Phobos & 8Base ransomware groups.

Four arrests & 27 servers seized in a coordinated effort across 14 countries.

Read more in our press release ⤵️https://t.co/WkmbS5jSJI pic.twitter.com/BhiI22eFns

— Europol (@Europol) February 11, 2025

The criminals used a custom variant of the Phobos ransomware, following a Ransomware-as-a-Service (RaaS) model.

The joint investigation involved law enforcement from 14 countries. Authorities also prevented attacks on more than 400 additional companies worldwide.

As a reminder, ransomware operators’ revenue fell by 35% in 2024, declining to $813 million from $1.25 billion the previous year, according to Chainalysis.