Lili’s Brownies Cyberattack: 8BASE Ransomware Strikes Again | #ransomware | #cybercrime

Lili’s Brownies, a renowned confectionery specializing in delectable treats since 1991, has allegedly become a victim of a cyberattack orchestrated by the infamous 8BASE ransomware group. 

This Lili’s Brownies cyberattack, which surfaced on the dark web, marks another addition to the long list of organizations targeted by cybercriminals.

Based in Le Ulis (91), France, Lili’s Brownies is celebrated for its high-quality semi-finished products, cakes, cookies, and cupcakes tailored for catering establishments. 

Despite the company’s rich history and dedication to culinary excellence, its online presence, represented by the website, fell prey to malicious intent.

Lili’s Brownies Cyberattack: No Immediate Signs of the Intrusion

Lili's Brownies Cyberattack
Source: FalconFeeds on X

The Lili’s Brownies cyberattack, attributed to the 8BASE ransomware group, highlights the vulnerabilities inherent in digital platforms. The threat actor’s post, dated 9th January 2024, highlighted the infiltration posed by the 8BASE ransomware group.

Built on the WordPress platform and hosted by Combell NV, the website for Lili’s Brownies ( is operational at the moment. 

Lili's Brownies Cyberattack

While the site appears functional outwardly, the looming threat of compromised databases lurks beneath the surface since most ransomware groups target the databases and vulnerabilities in the systems instead of launching a direct attack like defacing. 

The Cyber Express has reached out to Lili’s Brownies to learn more about this 8BASE ransomware attack claims. However, at the time of writing this, no official statement or response has been received, leaving the claims for the Lili’s Brownies unverified at this point.

Modus Operandi of 8BASE Ransomware Group

The modus operandi of the 8BASE ransomware group follows a pattern observed in previous attacks. Operating since early 2023, the group adopted a multi-extortion model in May of the same year, leveraging a TOR-based victim blog site to propagate fear and coercion.

According to a SentinelOne report, while the group’s origins trace back to smaller campaigns in 2022, formal affiliations with ransomware families like Phobos, RansomHouse, and Hive remain speculative.

Primarily targeting sectors such as finance, manufacturing, IT, and healthcare, 8BASE casts a wide net, ensnaring victims predominantly in the US and Brazil. Initial access is often gained through phishing emails or intermediaries, facilitating the deployment of malicious payloads like SmokeLoader.

Upon infiltration, 8BASE encrypts local drives and shared networks, rendering critical data inaccessible to legitimate users. The use of advanced encryption algorithms and obfuscation techniques complicates recovery efforts, amplifying the impact on affected organizations.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Source link


National Cyber Security