8Base Ransomware Strikes Again

By Miklos Zoltan . 28 May 2024

Founder - Privacy Affairs

Fact-Checked this

The 8Base hackers announced another fresh operation, this time against 3 high-profile corporations from Japan and Belgium. These are Matusima Corporation, Shirasaki Corporation, and Architecture LEJEUNE GIOVANELLI.

8Base operators gave the victims only several days to contact them for negotiations
The gang uses the double extortion technique to gain leverage during negotiations and force the victim into paying a higher ransom
Neither of the victims has commented on the attacks, so it’s unclear how much data the hackers have managed to steal
8Base has ramped up its activity starting with Q4 of 2023, following the overall trend in the ransomware sphere

Ransomware attacks have increased in frequency considerably over the past year. Some of this is due to new-coming groups attempting to make a name for themselves, while the rest of the operations are tied to veteran gangs.

8Base is following the trend by targeting vulnerable private and public entities. The gang relies on an accurate and effective technique to infiltrate the victims’ system, evade detection, disable the firewall, encrypt the system, and exfiltrate the target data.

X showing the 8BASE attack on the 3 victims — https://x.com/FalconFeedsio/status/1795085045637460206

The hackers will also leave behind a ransomware note instructing the victim on how to contact them for talks. If the victim doesn’t reach out to them within the given deadline or the negotiations fall flat, the hackers will leak the stolen data.

Needless to say, many businesses prefer to pay the ransom to gain access to their system or have the hackers delete the data. But that’s not the only reason.

Should You Pay the Ransom?

If you’re unfamiliar with the ransomware sphere, you probably don’t know that businesses are targeted more frequently than private individuals. The reasons are obvious: the projected profits are considerably higher.

But then, you may think, why would any business pay the ransom? They can bypass the encryption with some professional assistance, so it’s not like they can’t access their system anymore. The answer lies in the leaked data.

The fact that the company’s data leaks publicly, allowing everyone to access it and use it for their own gains, is a double-edged sword. On the other hand, this can drag other people into the mess, like the business’s employees and customers.

In turn, this will tarnish the company’s reputation, as people will become less willing to share their personal data with the company. Or use its services again in the future. On the other hand, there’s the legal aspect that weighs heavily in the balance.

To put it simply, it’s the company’s business to protect their clients and employees’ confidential information. Any data leak is the direct responsibility of the company, which failed, one way or the other, to prevent that from happening. And nobody wants that.

Which is why it’s not uncommon for major corporations to not report a data leak. And it also explains why businesses don’t address ransomware breach claims, even when coming from the hackers themselves. The hope is that, by not addressing, nobody will pay attention.

So, should you pay the ransom? The standard advice is no. Reports show that the hackers will most likely either leak your data, keep it to themselves, or sell it to other cybercriminal gangs anyway. Whether you pay or not.

This is a great incentive for adopting the no-negotiations policy.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Founder & CEO Privacy Affairs

Miklos Zoltan is the founder and CEO of Privacy Affairs. Miklos has long-time experience in cybersecurity and data privacy having worked with international teams for more than 10 years in projects involving penetration testing, network security and cryptography.

Miklos founded Privacy Affairs in 2018 to provide cybersecurity and data privacy education to regular audiences by translating tech-heavy and "geeky" topics into easy-to-understand guides and tutorials.

Cookie	Duration	Description
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.

8Base Ransomware Strikes Again

Should You Pay the Ransom?

Our Mission

Miklos Zoltan

Leave a Comment Cancel