Researchers at VMware Inc. have issued a warning about a relatively unknown form of ransomware that has seen a massive spike in activity over the northern summer this year.
First detected in March 2022, the 8Base ransomware group uses encryption and “name-and-shame” tactics to force victims to pay a ransom, with victims across multiple industries.
Despite the relative obscurity of 8Base, its recent surge in activity is said by the researchers to indicate an experienced and well-organized threat actor. The group’s operations have similarities to previous ransomware campaigns, suggesting a level of sophistication and experience despite the group’s recent emergence on the ransomware and hacking scene.
Typical of most leading ransomware groups in 2023, 8Base operates a leak site where they disclose information about their victims and use intimidation tactics to pressure victims into paying a ransom. The use of psychological warfare, combined with the group’s ability to encrypt data, is claimed to make 8Base a serious threat.
The idea that 8Base has similarities to other groups does not stop at tactics alone, with the researchers finding that the language and style of communication used closely mirror that of another known ransomware group, RansomHouse. Although not confirmed, it’s believed there is a potential link between the groups, which may have a common origin.
The RansomHouse ransomware gang was behind the alleged theft of 450 GB of data from Advanced Micro Devices Inc. in June 2022. The group was noted at the time as having left a rather long and colorful message when taking credit for the hack.
8Base’s operations also reveal a possible connection with Phobos ransomware, known for its ransomware-as-a-service feature that allows for customization by threat actors. VMware’s Threat Analysis Unit notes that 8Base has potentially used a version of Phobos ransomware in its attacks. The group has also been found to have used SystemBC, a known proxy and remote administration tool used by various ransomware groups.
The researchers conclude by noting that the sophistication and tactics of ransomware groups such as 8Base underscore the urgency for businesses to ramp up their cybersecurity measures. Regular data backup, employee education on recognizing and reporting phishing attempts, robust firewall protection and frequent software updates are among the suggestions that companies should use to mitigate the risk of threats such as those posed by 8Base.
Commenting on the report, James Graham, vice president at cyber risk management company RiskLens Inc., told SiliconANGLE that with 8Base targeting businesses across all industries, no business should assume they are not at risk.
“Small businesses are extremely vulnerable because their cybersecurity measures are not typically as extensive as larger companies,” Graham explained. “However, cybersecurity is an extremely worthwhile investment, and one way to ensure that your business is not overpaying for it is to perform a quantitative risk assessment.”