8Base ransomware took responsibility for a recent successful infiltration of Lilis Brownies, a French corporation with over three decades of history behind it. The victim didn’t comment on the event.
8Base’s double-extortion tactic causes significant problems in the ransomware space. That’s because the victim needs to both circumvent the encryption and negotiate the deletion of the stolen data.
In most cases, the ransom is higher for double-extortion operations than those where the attackers do not encrypt the files. According to the latest data, 8Base hit and extorted approximately 80 victims since March of 2022.
This is definitely on the lower end of the spectrum, given that other ransomware actors have ten times that.
It’s unclear how many of these attacks have resulted in the victim paying the ransom. Or how high the ransom typically is with 8Base. One thing is for certain, though, paying the ransom isn’t always a good idea.
That’s because the victim has no guarantees that the attacker will keep its word and actually delete the stolen data. If the data they’ve collected is really valuable, the attacker will most definitely sell it to other ransomware entities.
These will then extort the victim again and the cycle continues.
We believe security online security matters and its our mission to make it a safer place.
8Base’s beginnings are uncertain, but some hints have surfaced over the past several months. While 8Base appears to be a completely unique entity, some ties have been found between it and other ransomware organizations, some of which are defunct.
These include Phobos, Hive, and RansomHouse. However, nothing has been confirmed, as the similarities could very well be just coincidences.
What it is known is that 8Base increased its activity significantly starting with 2023. According to the latest data, 8Base was responsible for 15% of the total number of ransomware attacks in 2023. 40 of these attacks took place in June alone.
This level of activity ranked 8Base second to Lockbit, which is the most active and dangerous ransomware actor today. Since June, the group’s activity went into a downward trend, but it does spike occasionally.
What makes 8Base even more intimidating is the fact that the organization is interested in their victims’ dirty laundry. In other words, 8Base operators will always look for incriminating data that could paint the victim in a bad light.
This could include clear compromising evidence, linking the victim to illicit activities, or circumstantial evidence that could be interpreted as such. The goal is to gain as much leverage as possible to tilt the balance in 8Base’s favor during negotiations.
This tactic has the potential to ruin a company’s reputation by either exposing their wrongdoings or making it seem like their guilty of that. Either way, 8Base’s future seems scarier than every today.