2 new 8Base victims surfaced recently from Spain and US. HELPHONE and Midway Ford found themselves in hot water after 8Base breached their systems and stole important data.
8Base is a more peculiar cybercriminal organization due to its MO and self-stated motivation. Despite compromising their targets’ systems and stealing valuable data, 8Base doesn’t necessarily encrypt it on the parent system.
Rather, they will simply clone it and threaten to release it publicly, should the victim refuse to pay. The reason for this tactic, in 8Base’s own words, is the willingness to “help” those with poor cybersecurity.
That being said, 8Base too demands a ransom in exchange for deleting the files. If no consensus is reached during the negotiations or the victim refuses to pay, 8Base will release the stolen data publicly.
8Base first became public in March of 2022, but didn’t show any meaningful activity until almost a year later, in June of 2023. The organization planned and executed a number of ransomware attacks on US targets belonging to several sectors.
Despite claiming that they don’t use the double extortion practice, that’s not entirely true. Some victims have had their systems encrypted, although many have not had this problem.
As to the organization’s identity, internal structure, and operators, little-to-nothing is known. 8Base keeps its cards close to its chest. Despite that, some hints have been discovered in relation to the group’s potential identity, more specifically in how they operate.
Specialists have identified similarities between 8Base and other cybercriminal organizations like RansomHouse and Phobos. These groups also alternate ransomware attacks and data-extortion practices.
This may either suggest that 8Base is a puppet organization, liked to one of the 2, or that they influence each other. The latter is more likely, given that cybercriminal organizations often copy each other’s successful strategies.
They also join efforts to conduct larger operations against more secured targets.
Another important aspect of 8Base’s main MO is the tendency to sell the stolen data to friendly extortion groups. One of these groups is RansomHouse. RansomHouse then uses the data to blackmail the initial victim in addition to 8Base doing the same.
This type of partnership has the potential to be even more destructive than a simple ransomware breach. Even so, it’s been reported that most victims refuse to pay and decide to face the consequences associated with the data leak.
Despite its slow start, 8Base has quickly grown into a formidable force in the ransomware sphere. They have performed numerous attacks on high-profile targets, although not much is known about their success.
One thing is for sure, 8Base is worth keeping an eye on.
We believe security online security matters and its our mission to make it a safer place.