A ransomware gang named 8Base was the second most active group in June 2023, claiming roughly 30 victims, VMware reports.
Active since March 2022 and mainly focused on small businesses, the group engages in double extortion tactics, publicly naming and shaming victims to compel them to pay the ransom.
To date, the 8Base gang has hit approximately 80 organizations across sectors such as automotive, business services, construction, finance, healthcare, hospitality, IT, manufacturing, and real estate.
While analyzing the group’s activity, VMware identified a resemblance with another relatively unknown ransomware gang, RansomHouse, which is known for purchasing leaked data and then extorting companies for money.
According to VMware, similarities were found in communication style and ransom note, with the leak sites of the groups using nearly identical language, albeit different visuals. The main difference between the two groups is the fact that, while RansomHouse is openly recruiting for partners, 8Base is not.
“Given the similarity between the two, we were presented with the question of whether 8Base may be an off-shoot of RansomHouse or a copycat. Unfortunately, RansomHouse is known for using a wide variety of ransomware that is available on dark markets and doesn’t have its own signature ransomware as a basis for comparison,” VMware notes.
Like RansomHouse, VMware discovered, 8Base appears to be using multiple ransomware variants, with one family common to both, namely Phobos. In fact, 8Base was seen using ransom notes that match both RansomHouse and Phobos.
Phobos operates under the ransomware-as-a-service (RaaS) business model, and 8Base might have adopted it this way, customizing the malware to append the ‘.8base’ extension to the encrypted files.
According to VMware, which provides indicators of compromise associated with the gang’s activity, it is possible that 8Base has used different types of ransomware as part of their normal operation.
“Whether 8Base is an offshoot of Phobos or RansomHouse remains to be seen. It is interesting that 8Base is nearly identical to RansomHouse and uses Phobos ransomware. At present, 8Base remains one of the top active ransomware groups this summer (2023),” VMware concludes.
Related: Norton Parent Says Employee Data Stolen in MOVEit Ransomware Attack
Related: Ransomware Gang Takes Credit for February Reddit Hack
Related: A Russian Ransomware Gang Breaches the Energy Department and Other Federal Agencies
More from Ionut Arghire
- Generative AI Startup Nexusflow Raises $10.6 Million
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
- Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers
- FBI Warns Organizations of Dual Ransomware, Wiper Attacks
- Lumu Raises $30 Million for Threat Detection and Response Platform
- Cisco Warns of IOS Software Zero-Day Exploitation Attempts
- Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits
Latest News
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Generative AI Startup Nexusflow Raises $10.6 Million
- In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- National Security Agency is Starting an Artificial Intelligence Security Center
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
