CyberSecurityBoard
Sponsor Register Login

Japanese police release decryptor for Phobos ransomware after February takedown | The Record from Recorded Future News

The spinoff operation named 8Base ramped up its activity in the summer of 2023 and the group claimed responsibility for high-profile attacks on the United Nations Development Programme and the Atlantic States Marine Fisheries Commission as well as a Canadian agency that administers dental benefit plans for disabled people in Alberta. The FBI, alongside law enforcement agencies in Germany, Japan and more, took down more than 100 servers used as part of the Phobos scheme and warned more than 400 companies worldwide of ongoing or imminent ransomware attacks. Phobos administrators made money by conducting their own ransomware attacks, the indictment says, and by distributing the malicious code on the dark web to affiliates. U.S. law enforcement efforts culminated in the arrest and extradition of Russian national Evgenii Ptitsyn — an alleged Phobos administrator — from South Korea in November. “Taking advantage of Phobos’s infrastructure, 8Base developed its own variant of the ransomware, using its encryption and delivery mechanisms to tailor attacks for maximum impact,” Europol said earlier this year. Phobos was particularly damaging because it focused its efforts on attacking smaller businesses and organizations that typically lacked the kind of cybersecurity protections needed to defend against ransomware. Victims of Phobos and 8Base ransomware incidents will now have access to a decryptor thanks to Japan’s National Police Agency. The U.S. Department of Justice unsealed an array of criminal charges against Roman Berezhnoy, 33, and Egor Nikolaevich Glebov, 39, for their alleged roles in using Phobos to earn more than $16 million. The tool was shared by the European Cybercrime Centre and the FBI, which noted that its Baltimore office led an investigation that culminated in charges against Phobos affiliates earlier this year. Phobos is best known for accepting significantly smaller ransoms from attacks, including several under $100,000. On Thursday, Japanese officials published the free decryption tool and a guide in English for organizations impacted by the group’s attacks.

This Cyber News was published on therecord.media. Publication date: Fri, 18 Jul 2025 18:50:17 +0000


Cyber News related to Japanese police release decryptor for Phobos ransomware after February takedown | The Record from Recorded Future News

10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
4 months ago Cybersecuritynews.com
New Phobos ransomware decryptor lets victims recover files for free - The Japanese police have released a Phobos and 8-Base ransomware decryptor that lets victims recover their files for free, with BleepingComputer confirming that it successfully decrypts files. The Japanese police have now released a free decryptor ...
3 weeks ago Bleepingcomputer.com 8base
New decryptor for Babuk Tortilla ransomware variant released - Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor. Cisco Talos shared the key with our peers at ...
1 year ago Blog.talosintelligence.com
Japanese police release decryptor for Phobos ransomware after February takedown | The Record from Recorded Future News - The spinoff operation named 8Base ramped up its activity in the summer of 2023 and the group claimed responsibility for high-profile attacks on the United Nations Development Programme and the Atlantic States Marine Fisheries Commission as well as a ...
3 weeks ago Therecord.media 8base
10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
5 months ago Cybersecuritynews.com
VX-Underground malware collective framed by Phobos ransomware - A new Phobos ransomware variant frames the popular VX-Underground malware-sharing collective, indicating the group is behind attacks using the encryptor. Phobos launched in 2018 in what is believed to be a ransomware-as-a-service derived from the ...
1 year ago Bleepingcomputer.com Qilin Cactus Black Basta
Babuk ransomware decryptor updated with Tortilla support The Register - Security researchers have put out an updated decryptor for the Babuk ransomware family, providing a free solution for victims of the Tortilla variant. A collaboration between Cisco Talos, Avast, and the Netherlands police led to the development of ...
1 year ago Go.theregister.com DAIXIN
What is Proposition E and Why Should San Francisco Voters Oppose It? - In addition to removing certain police oversight authority from the Police Commission and expanding the circumstances under which police may conduct high-speed vehicle chases, Proposition E would also amend existing laws passed in 2019 to protect San ...
1 year ago Eff.org
Malware Takedowns Show Progress, But Fight Against Cybercrime Not Over - Takedown of malware infrastructure by law enforcement has proven to have an impact, albeit limited, on cybercriminal activity, according to threat intelligence provider Recorded Future. The Emotet takedown, led by Europol and Eurojust in 2021. The ...
1 year ago Infosecurity-magazine.com
Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates - U.S. and U.K. authorities have seized the darknet websites run by LockBit, a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Instead of listing data stolen from ...
1 year ago Krebsonsecurity.com LockBit
New Decryption Key Available for Babuk Tortilla Ransomware Victims - A new decryptor key has been created for victims of the Babuk Tortilla ransomware variant, Cisco Talos has confirmed. These keys will be added to a generic Babuk decryptor previously created by Avast Threat Labs. This will enable users to download ...
1 year ago Infosecurity-magazine.com Black Basta
Decryptor released for FunkSec ransomware; Avast works with law enforcement to help victims | The Record from Recorded Future News - FunkSec ransomware victims are getting a break via a decryptor released by cybersecurity experts at Avast. This week, Avast said it is working with law enforcement agencies to help the alleged 113 victims of the ransomware gang decrypt their files. ...
1 week ago Therecord.media
'Sex life data' stolen from UK government among record number of ransomware attacks - Data on the sex lives of up to 10,000 people was stolen from a British government department in one of the record number of ransomware attacks to have hit Westminster in the first half of this year. It is not known which department the information ...
1 year ago Therecord.media
The Week in Ransomware - Attacks on hospitals continued this week, with ransomware operations disrupting patient care as they force organization to respond to cyberattacks. While many, like LockBit, claim to have policies in place to avoid encryping hospitals, we continue to ...
1 year ago Bleepingcomputer.com LockBit Cactus
San Francisco Police's Live Surveillance Yields Almost 200 Hours of Spying-Including of Music Festivals - A new report reveals that in just three months, from July 1 to September 30, 2023, the San Francisco Police Department racked up 193 hours and 19 minutes of live access to non-city surveillance cameras. That means for the equivalent of 8 days, police ...
1 year ago Eff.org
How the Hive Takedown Impacts Ransomware Prevention - Ransomware experts are widely praising the takedown of the notorious "Hive" criminal infrastructure, but the potential impacts it may have on preventing ransomware ongoing and into the future remains a matter of debate. ...
2 years ago Therecord.media
Online ransomware decryptor helps recover partially encrypted files - CyberArk has created an online version of 'White Phoenix,' an open-source ransomware decryptor targeting operations using intermittent encryption. The company announced today that although the tool was already freely available through GitHub as a ...
1 year ago Bleepingcomputer.com BianLian Qilin Cactus Black Basta
Decryptor for Babuk ransomware variant released after hacker arrested - Researchers from Cisco Talos working with the Dutch police obtained a decryption tool for the Tortilla variant of Babuk ransomware and shared intelligence that led to the arrest of the ransomware's operator. Tortilla is a Babuk ransomware variant ...
1 year ago Bleepingcomputer.com Black Basta
Threatening Emails Rattle Bengal Schools: Police Pursue Latvia Lead - In a statement announced Tuesday, the Kolkata Police said that more than 20 schools across the city have been threatened with bombs, which have been later revealed as hoaxes. According to the sender, bombs had been placed in numerous classrooms ...
1 year ago Cysecurity.news
The Week in Ransomware - With it being the first week of the New Year and some still away on vacation, it has been slow with ransomware news, attacks, and new information. Last weekend, BleepingComputer tested a new decryptor for the Black Basta ransomware to show how it ...
1 year ago Bleepingcomputer.com Inc ransom Qilin Mallox Black Basta
Free BianLian Ransomware Decryptor: A Complete Guide - With the recent emergence of ransomware attacks targeting organizations around the world, it has become increasingly important to have the latest security solutions in place in order to combat such threats. One of the most notable ransomware threats ...
2 years ago Securityaffairs.com BianLian
New Black Basta decryptor exploits ransomware flaw to recover files - Researchers have created a decryptor that exploits a flaw in Black Basta ransomware, allowing victims to recover their files for free. The decryptor allows Black Basta victims from November 2022 to this month to potentially recover their files for ...
1 year ago Bleepingcomputer.com Black Basta
'Black Basta Buster' Exploits Ransomware Bug for File Recovery - Researchers have exploited a weakness in a particular strain of the Black Basta ransomware to release a decryptor for the malware, but it doesn't recover all of the files encrypted by the prolific cybercriminal gang. Security research and consulting ...
1 year ago Darkreading.com FIN7 Black Basta
The Week in Ransomware - Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. On Tuesday, the Australian, US, and UK governments announced sanctions against Aleksandr Gennadievich ...
1 year ago Bleepingcomputer.com LockBit BianLian Akira Cactus
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
1 year ago Feeds.fortinet.com 8base

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)