8Base Hackers Attack 5

Bogdan Pătru

By Bogdan Pătru . 21 June 2024

Tech Writer

Alex Popa

Fact-Checked this

The 8Base ransomware gang has just announced a massive successful operation. The ransomware even took place across 4 nations: Taiwan, the Philippines, China, and Japan. The hackers haven’t specified how much data they’ve managed to steal.

  • 8Base is a veteran in the ransomware space after coming public in March 2022
  • The hackers promote themselves as cybersecurity experts, aiming to expose cyber vulnerabilities by infiltrating their victims’ systems
  • The gang uses the double-extortion method to coerce the victim into paying the ransom or, at the very least, contact them for negotiations
  • The gang operates globally but prefers US-based targets, followed closely by the Netherlands, Vietnam, Israel, and the UK

8Base’s standard strategy revolves around deceiving their victims. The hackers pose as cybersecurity analysts, essentially breaching their targets to ‘test’ their active defenses. They will also, of course, steal essential data and encrypt the system behind them.

This forces the victim to contact them for negotiations if they want to re-access their system asap. This isn’t a novel tactic, but it’s one that 8Base relies on almost exclusively.

X showing the 8BASE attack on the 5 victims
https://x.com/FalconFeedsio/status/1804057869962137802

8Base isn’t as active as other cybercriminal gangs, especially in the first quarter of 2024. However, this doesn’t make it any less dangerous. The gang relies on typical email phishing to breach their targets because they’re cost-effective and efficient.

One interesting peculiarity about 8Base is that it bears similarities to several other ransomware gangs. RansomHouse is one of them, as 8Base uses their ransom notes to make their demands. They also rely on the Phobos ransomware during their operations.

This allows the hackers to make use of Phobos’s SmokeLoader to deliver their payload.

How to Deal with 8Base?

8Base isn’t much different from your typical ransomware actor. The hackers will get access to your system, infiltrate, disable the firewall and antivirus, and encrypt the files. They will also download all of the sensitive data that they can get.

This leaves the victim with 2 options: contact the hackers for negotiations or handle the situation themselves. It’s important to note that paying the ransom doesn’t always deliver the expected result. Most ransomware gangs, including 8Base, will deliver the decryptor.

But not the same can be said about the stolen data. The hackers are supposed to delete it after receiving the ransom, but that’s rarely the case. As reports show, most ransomware actors either keep the data to themselves, or sell it on the Dark Web.

This leads to more cybercriminal actors getting access to the victim’s confidential information. These will then extort the victim themselves, often months or even a year after the initial attack. The conclusion is simple: don’t pay the ransom!

That way, the hackers won’t be incentivized to continue their work since nobody will pay the ransom anymore. Naturally, this is easier said than done. Some institutions have sensitive data that could make them legally liable in case of any informational leaks.

This explains why many victims (including high-end ones) prefer to pay to have the data deleted. It’s important to note that some ransom notes can rank in the ballpark of tens of millions of dollars. Sometimes more.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Leave a Comment