Edward Kiledjian's Threat Intel

Authorities released free decryptor for Phobos and 8base ransomware

Japanese authorities have released a free decryptor for the Phobos and 8Base ransomware families, enabling victims to recover encrypted files without paying a ransom. The tool is available through the Japanese police and Europol’s NoMoreRansom website and supports multiple file extensions, including .phobos, .8base, .elbie, .faust, and .LIZARD. It was developed using intelligence from recent law enforcement takedowns of the criminal operation. The Phobos ransomware-as-a-service network, active since 2019, has targeted over 1,000 organizations globally and extorted more than $16 million through double extortion tactics involving data theft and encryption. Recent international law enforcement successes include the extradition of Russian operator Evgenii Ptitsyn to face U.S. cybercrime charges and the February 2025 arrests of Roman Berezhnoy and Egor Glebov for operating the criminal enterprise. Security experts recommend that organizations remove the malware with reliable antivirus software before running the decryptor, to prevent re-encryption. The tool represents a significant victory for international cybersecurity cooperation in combating ransomware operations that target small and medium-sized businesses across the finance, manufacturing, and IT sectors.