New findings from VMware reveal that the 8BASE ransomware group, originally detected in March 2022, has been increasingly active over the last month. This hacker collective is employing known cybercrime methods but is now operating at an alarming pace, affecting multiple industries.
Who is 8Base?
Interestingly, 8Base defines itself as a group of “simple pen-testers” or “penetration testers“. While this could essentially be a legitimate service, it’s clear in this case, it’s anything but. Like other cybercriminals, 8Base maintains a “leak site,” where victims’ data is made available if they refuse to pay the ransom.
Despite their rising activity, security experts are yet to decipher the exact methodology, motivation, and identity of these perpetrators. What’s evident is that this group operates swiftly and efficiently.
The VMware Findings
VMware’s analysis shows that 8Base’s communication style mirrors that of RansomHouse, another criminal organization that gained notoriety earlier this year when it executed a massive hack on AMD, seizing 450GB of financial data and research material. However, whether we can classify this collective as a genuine ransomware gang remains uncertain as VMware notes the group seems to purchase stolen data and then extorts businesses based on that information.
The statistics surrounding 8BASE’s activity are staggering: in June, the ransomware gang went from having the fewest detections in over a year to the most.
Wide Range of Targets
8Base’s targets range from business service providers to financial services, manufacturing, IT, and healthcare. Consequently, VMware characterizes the group’s victim selection as “opportunistic.”
Contrary to more brutal organizations like RagnarLocker, 8BASE strives to maintain a semblance of legitimacy. Using the pretext of the aforementioned “pen tester” guise, they claim to provide a service to the affected companies. Moreover, they offer a comprehensive FAQ, Terms of Service, and provide assurances about actions taken post-payment.
Ambiguous Origin
The detection of 8BASE does not indicate any specific ransomware software as the basis for their methods. Additionally, VMware discovered variations in the ‘ransom note,’ with some resembling those of RansomHouse and others akin to another criminal group: Phobos.
Speculation Abounds
Despite the valuable insights gained, VMware concludes that the remaining information remains speculative. Due to the various ransomware variants used by the group and the widespread targets, it’s challenging to form a clear profile of the group.
8BASE Twitter and Telegram account
The 8BASE Ransomware Group operates the Twitter profile dubbed @8BASEHOME;
https://twitter.com/8BASEHOME
on Telegram they operate the channel eightbase;
eightbase
