8Base Hackers Attack 5

By Bogdan Pătru . 21 June 2024

Tech Writer

Fact-Checked this

The 8Base ransomware gang has just announced a massive successful operation. The ransomware even took place across 4 nations: Taiwan, the Philippines, China, and Japan. The hackers haven’t specified how much data they’ve managed to steal.

8Base is a veteran in the ransomware space after coming public in March 2022
The hackers promote themselves as cybersecurity experts, aiming to expose cyber vulnerabilities by infiltrating their victims’ systems
The gang uses the double-extortion method to coerce the victim into paying the ransom or, at the very least, contact them for negotiations
The gang operates globally but prefers US-based targets, followed closely by the Netherlands, Vietnam, Israel, and the UK

8Base’s standard strategy revolves around deceiving their victims. The hackers pose as cybersecurity analysts, essentially breaching their targets to ‘test’ their active defenses. They will also, of course, steal essential data and encrypt the system behind them.

This forces the victim to contact them for negotiations if they want to re-access their system asap. This isn’t a novel tactic, but it’s one that 8Base relies on almost exclusively.

X showing the 8BASE attack on the 5 victims — https://x.com/FalconFeedsio/status/1804057869962137802

8Base isn’t as active as other cybercriminal gangs, especially in the first quarter of 2024. However, this doesn’t make it any less dangerous. The gang relies on typical email phishing to breach their targets because they’re cost-effective and efficient.

One interesting peculiarity about 8Base is that it bears similarities to several other ransomware gangs. RansomHouse is one of them, as 8Base uses their ransom notes to make their demands. They also rely on the Phobos ransomware during their operations.

This allows the hackers to make use of Phobos’s SmokeLoader to deliver their payload.

How to Deal with 8Base?

8Base isn’t much different from your typical ransomware actor. The hackers will get access to your system, infiltrate, disable the firewall and antivirus, and encrypt the files. They will also download all of the sensitive data that they can get.

This leaves the victim with 2 options: contact the hackers for negotiations or handle the situation themselves. It’s important to note that paying the ransom doesn’t always deliver the expected result. Most ransomware gangs, including 8Base, will deliver the decryptor.

But not the same can be said about the stolen data. The hackers are supposed to delete it after receiving the ransom, but that’s rarely the case. As reports show, most ransomware actors either keep the data to themselves, or sell it on the Dark Web.

This leads to more cybercriminal actors getting access to the victim’s confidential information. These will then extort the victim themselves, often months or even a year after the initial attack. The conclusion is simple: don’t pay the ransom!

That way, the hackers won’t be incentivized to continue their work since nobody will pay the ransom anymore. Naturally, this is easier said than done. Some institutions have sensitive data that could make them legally liable in case of any informational leaks.

This explains why many victims (including high-end ones) prefer to pay to have the data deleted. It’s important to note that some ransom notes can rank in the ballpark of tens of millions of dollars. Sometimes more.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Author, Creative Writer, and Tech-Geek Bogdan has followed his passion for the digital world ever since he got his hands on his first PC. After years of accumulating knowledge and experience, the good Samaritan in him whispered to him one day about the virtue of sharing that knowledge with those who needed it. It was in 2014 when that idea would grow into a life-defining passion. One that keeps driving him to this day.

Cookie	Duration	Description
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.

How to Deal with 8Base?

Our Mission

Bogdan Pătru

Leave a Comment Cancel