• Home
  • News
  • 8-Base Ransomware Infects France-Based Lilis Brownies

8-Base Ransomware Infects France-Based Lilis Brownies

Miklos Zoltan

By Miklos Zoltan . 12 February 2024

Founder - Privacy Affairs

Alex Popa

Fact-Checked this

8Base ransomware took responsibility for a recent successful infiltration of Lilis Brownies, a French corporation with over three decades of history behind it. The victim didn’t comment on the event.

  • 8Base employed its standard double-extortion tactic, encrypting the victim’s files and stealing important data
  • This paralyzes the company’s systems and has the potential to cause significant financial losses
  • Lilis Brownies had a 3-day deadline, until the 12th, to complete negotiations
  • According to recent investigations, 8Base has increased its activity considerably over the past several months

8Base’s double-extortion tactic causes significant problems in the ransomware space. That’s because the victim needs to both circumvent the encryption and negotiate the deletion of the stolen data.

In most cases, the ransom is higher for double-extortion operations than those where the attackers do not encrypt the files. According to the latest data, 8Base hit and extorted approximately 80 victims since March of 2022.

This is definitely on the lower end of the spectrum, given that other ransomware actors have ten times that.

X showing the 8BASE attack on Lilis Brownies

It’s unclear how many of these attacks have resulted in the victim paying the ransom. Or how high the ransom typically is with 8Base. One thing is for certain, though, paying the ransom isn’t always a good idea.

That’s because the victim has no guarantees that the attacker will keep its word and actually delete the stolen data. If the data they’ve collected is really valuable, the attacker will most definitely sell it to other ransomware entities.

These will then extort the victim again and the cycle continues.

8Base’s Scary Future

8Base’s beginnings are uncertain, but some hints have surfaced over the past several months. While 8Base appears to be a completely unique entity, some ties have been found between it and other ransomware organizations, some of which are defunct.

These include Phobos, Hive, and RansomHouse. However, nothing has been confirmed, as the similarities could very well be just coincidences.

What it is known is that 8Base increased its activity significantly starting with 2023. According to the latest data, 8Base was responsible for 15% of the total number of ransomware attacks in 2023. 40 of these attacks took place in June alone.

This level of activity ranked 8Base second to Lockbit, which is the most active and dangerous ransomware actor today. Since June, the group’s activity went into a downward trend, but it does spike occasionally.

What makes 8Base even more intimidating is the fact that the organization is interested in their victims’ dirty laundry. In other words, 8Base operators will always look for incriminating data that could paint the victim in a bad light.

This could include clear compromising evidence, linking the victim to illicit activities, or circumstantial evidence that could be interpreted as such. The goal is to gain as much leverage as possible to tilt the balance in 8Base’s favor during negotiations.

This tactic has the potential to ruin a company’s reputation by either exposing their wrongdoings or making it seem like their guilty of that. Either way, 8Base’s future seems scarier than every today.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Leave a Comment