8Base Ransomware Infects 4 Across 4 Countries
8Base announced 4 new victims recently, located in the US, Germany, Mexico, and the UK. The victims all belong to different industries, like manufacturing, pharmaceutics, and governmental assistance.
- The attackers posted evidence of the breaches on their public platforms, along with brief summaries of the victims
- No other details have been posted, like the value of the ransom or the terms of the negotiation
- The victims have a week to contact the hackers for negotiations before their data is leaked online
- 8Base is known to be a sophisticated, dangerous, and competent ransomware group that uses a variety of ransomware variants during its operations
Despite being active since March of 2022, 8Base laid low for a while, with only sporadic attacks, things have changed fast over the past several months. Analysts have pointed out that 8Base has increased its activity significantly recently.
Not only that, but the hackers also appear to be more aggressive and prioritize high-value companies compared to their past preferences. This is an indication that 8Base has grown more confident in its abilities, systems, and MOs.
Ransomware attacks are the most popular type of breach, with the hackers gaining access to the victim’s confidential information. However, things are not all bad. 2022 saw a significant decrease in ransomware attacks of approximately 23% compared to 2021.
Most importantly, around 90% of the attacks either fail or the victim experiences no losses as a result. Or, at least, these were the official statistics for 2021 and 2022. The situation didn’t look as positive in 2023, and the predictions for 2024 are no different.
The current estimates are that, by 2031, there will be one ransomware every 2 seconds globally.
Our Mission
We believe security online security matters and its our mission to make it a safer place.
How Does 8Base Operate?
8Base relies primarily on email phishing to infiltrate its targets. The group uses multiple tools and techniques to bypass security systems and hide their tracks along the way. 8Base also uses a powerful encryption tool that often forces the victims to negotiate.
The group also targets companies and private entities across a multitude of industries, so long as the breach is worth it. Typically, 8Base sticks to small and medium companies, but that’s not always the case.
While 8Base prefers the anonymity that comes with breaching small targets, they always follow the money. Especially if the victim isn’t adequately protected and gives the hackers the gift of an easy breach.
The organization uses the double-extortion tactic and relies on the Phobos ransomware variant to encrypt the victim’s files. This is a modified and customized version that allows the hackers to add the .8base appendix to the encrypted files.
But how should you deal with 8Base? The official recommendation is to refuse any type of negotiation. Experts recommend potential victims take the reputational loss coming with the release of their data publicly. That’s because paying the ransom doesn’t guarantee anything.
In many cases, the hackers will either publish or sell the data anyway, so paying the ransom will make no difference.