Highlights:

  • 8Base runs a leak site where it posts details about its victims and employs coercion to get them to pay a ransom.
  • 8Base is a severe threat since it employs psychological warfare and has data encryption capabilities.

According to researchers at VMware Inc., a relatively new type of ransomware has seen a sharp increase in activity over the northern summer this year.

The 8Base ransomware gang was first discovered in March 2022 with victims in numerous industries. The gang uses encryption and “name-and-shame” techniques to coerce victims into paying a ransom.

Despite 8Base’s relative obscurity, the researchers claim that its recent rise in activity is evidence of a skilled and organized threat actor. Observation of the group’s recent appearance on the ransomware and hacking scene shows that its methods resemble earlier ransomware efforts, indicating a level of skill and experience.

In line with most of the top ransomware organizations in 2023, 8Base runs a leak site where it posts details about its victims and employs coercion to get them to pay a ransom. 8Base is a severe threat since it employs psychological warfare and has data encryption capabilities.

The parallels between 8Base and other groups go beyond tactics. The researchers discovered that its language and communication style closely resemble those of RansomHouse, another well-known ransomware group. Although it hasn’t been proven, the two organizations may be connected through a shared origin.

The alleged hacking of 450 gigabytes of data from Advanced Micro Devices Inc. in June 2022 was carried out by the RansomHouse ransomware gang. When claiming credit for the hack, the group was said to have left a lengthy and colorful remark.

The activities of 8Base also point to a potential relationship with Phobos ransomware, which is well known for its ransomware-as-a-service offering that lets threat actors customize it. According to VMware’s Threat Analysis Unit, 8Base might have used a variant of Phobos ransomware in its attacks. The group has also been found to use SystemBC, a well-known proxy and remote administration tool used by numerous ransomware gangs.

The researchers concluded that the complexity and methods of ransomware groups like 8Base highlight the need for organizations to step up their cybersecurity safeguards. To lessen the severity of threats like those posed by 8Base, firms should implement regular data backups, employee education on spotting and reporting phishing attempts, strong firewall protection, and regular software updates.

According to James Graham, Vice President of the cyber risk management firm RiskLens Inc., no organization should assume it’s safe because 8Base targets companies in every industry.

“Small businesses are extremely vulnerable because their cybersecurity measures are not typically as extensive as larger companies. However, cybersecurity is an extremely worthwhile investment, and one way to ensure that your business is not overpaying for it is to perform a quantitative risk assessment,” added Graham.