8Base ransomware had been operating inconspicuously for a year before showing a surge in activity in late spring of 2023.
What is 8Base Ransomware?
The 8Base ransomware group had been relatively mysterious until its emergence as a prominent threat actor in late June 2023. The group combines encryption with “name-and-shame” methods to pressure its victims into paying its ransom demands.
It is suspected that 8Base is a spinoff or rebrand of the notorious RansomHouse extortion group, an operation that skips the encryption phase and instead directly demands payment for the return of stolen data. Researchers found that RansomHouse and 8Base use identical ransom notes, use similar language, and post similar content on their leak sites. However, as of now, there is not enough substantial evidence to suggest that 8Base is affiliated with RansomHouse.
It was also noted that 8Base and Phobos use the same “.8base” file extension for encrypted files, which implies that 8Base could be a descendant of Phobos. Phobos ransomware is a malware strain that prefers to attack small businesses running Windows through phishing campaigns, exploitation of software flaws, and RDP brute-force attacks. Phobos is also available as ransomware-as-a-service (RaaS), which could explain the similarities with 8Base.
How Does 8Base Ransomware Operate?
8Base ransomware is a relatively new player in the cybercrime industry that made its debut in March 2022 and stayed under the radar for over a year. The group employs multiple strains and seems to be a regular on the RaaS market. By using double extortion attacks on varying organizations (mostly small and medium businesses) across the globe, it has had a steady increase in victims since the beginning of June 2023. Data from Malwarebytes and NCC Group shows that 67 separate attacks as of May 2023 were traced back to 8Base, and 50% of these victims operate within the business, finance, manufacturing, and construction sectors of Brazil and America.
On its dark web extortion website, 8Base positions itself as a group of honest penetration testers, targeting and exposing companies that it says have put their own financial interests above their clients/partners. Penetration testing is a method of testing in which IT experts/ethical hackers uncover and exploit computer system vulnerabilities to identify the weaknesses in the system’s defenses and refine its security. As of early July 2023, 8Base has nearly 40 victims listed on its leak site.
How Can You Protect Your Company Against 8Base Ransomware?
8Base has been active for over a year but only recently started coming up on the cyber radar due to the launch of its leak site in May. There are many theories as to how 8Base came to be and whether 8Base is affiliated with RansomHouse and Phobos. It appears that 8Base will be one of the top active groups this summer. Much of 8Base’s operations remain unknown at this time, though experts advise organizations to stay vigilant and recommend endpoint detection and response (EDR) solutions. You can learn more about EDR in our blog post, Enhance Your Cybersecurity Strategy with Endpoint Detection and Response.
Other ways organizations can protect themselves from 8Base:
- Be proactive in your cybersecurity strategy
- Patch and update all systems
- Conduct regular data backups and protect those backups
- Implement multifactor authentication
- Implement cybersecurity best practices and training programs