Japan’s National Police Agency (NPA) has released a free decryption tool for victims of the Phobos and 8Base ransomware groups. The decryptor, accompanied by an English-language guide aims to help victims recover locked files without paying ransom demands. The tool was developed with support from the European Cybercrime Centre and the FBI.
US authorities previously revealed that Phobos affiliates extorted over $16 million from around 1,000 victims worldwide since 2019. The ransomware group gained notoriety for accepting relatively small ransom payments, sometimes under $100,000, targeting smaller organizations and public institutions. In February 2025, the US authorities arrested two Russian nationals in connection with the Phobos ransomware operation.
The FBI warned in early 2024 that Phobos was increasingly attacking local governments and critical infrastructure in the US, including emergency services and public healthcare systems.
The 8Base offshoot, which surged in activity in mid-2023, has claimed responsibility for attacks on high-profile organizations such as the United Nations Development Programme and the Atlantic States Marine Fisheries Commission, as well as a Canadian agency administering dental benefits for disabled residents in Alberta.
In unrelated news, Karen Serobovich Vardanyan, a 33-year-old Armenian national, has been extradited from Ukraine to the United States to face federal charges related to the Ryuk ransomware attacks. He is accused of conspiring with others to hack into US companies' computer systems between March 2019 and September 2020 deploying ransomware to extort payments. Vardanyan is charged with conspiracy, computer fraud, and extortion, and faces up to five years in prison and a $250,000 fine per count. His trial is set for August 26, 2025. Three co-conspirators, including another Armenian national, Levon Avetisyan, and two Ukrainians, remain at large.