8Base Ransomware Attacks Pick Up in Volume in Mid-2023

An under-the-radar ransomware threat known as 8Base has recently experienced a significant increase in activity during May and June 2023, according to researchers from VMware Carbon Black. This group employs encryption techniques combined with "name-and-shame" tactics to coerce their victims into paying ransoms. The 8Base ransomware has demonstrated an opportunistic pattern of compromising targets from various industries.

Data collected by Malwarebytes and NCC Group reveals that 8Base has been linked to 67 attacks as of May 2023, with approximately half of the victims belonging to the business services, manufacturing, and construction sectors. The majority of the targeted organizations are based in the United States and Brazil.

The origins of 8Base and the identities of its operators remain mysterious, with little information available about them. However, the researchers have found striking similarities between 8Base and another data extortion group called RansomHouse. The language used in the ransom notes and on the welcome pages of both groups' data leak portals is virtually identical, suggesting a possible connection or influence between the two.

Similarities Between 8Base and Phobos

Although RansomHouse openly advertises its partnerships, 8Base does not. Additionally, there are differences in their leak pages. However, VMware discovered a Phobos ransomware sample that uses the same ".8base" file extension for encrypted files, raising the possibility that 8Base might be a successor to Phobos or that the attackers are leveraging existing ransomware strains instead of developing their own custom locker.

The researchers emphasize that the speed and efficiency of 8Base's operations indicate the continuation of an established and mature organization rather than the emergence of a new group. The relationship between 8Base, Phobos, and RansomHouse is still unclear and requires further investigation.

Apart from 8Base, new ransomware players such as CryptNet, Xollam, and Mallox have entered the market, while well-known families like BlackCat, LockBit, and Trigona continue to enhance their features and attack chains to target Linux and macOS systems in addition to Windows.

Cybersecurity analysts have observed instances where threat actors have employed BATLOADER to distribute Mallox, indicating active efforts to refine their tactics so that they remain stealthy and can sustain their malicious activities.

June 28, 2023