8Base ransomware has emerged as a prominent player in the cybercrime landscape, according to a new blog post by VMware Carbon Black’s TAU (Threat Analysis Unit) and MDR-POC (Managed Detection and Response Proof of Concept) teams.
The company explained that 8Base employs a combination of encryption and “name-and-shame” tactics to extort victims into paying ransoms.
Operating across various industries, the threat group has displayed an opportunistic approach to compromise, targeting a wide range of victims.
However, VMware said crucial details such as the group’s identity, methodology, and underlying motivations remain unknown.
According to the company, the recent surge in 8Base’s activities indicates that they are not a new group but rather an established and mature organization.
Notably, 8Base’s communication style closely resembles that of another group called RansomHouse, raising questions about their potential connection.
In particular, analyses suggest that 8Base may be an offshoot or a copycat of RansomHouse, utilizing a variety of ransomware options, including an earlier version of Phobos ransomware.
“It’s been discovered that cyber-criminal groups disband and go off and start their ventures to attack organizations and hold them for ransom through double extortion techniques,” commented James McQuiggan, security awareness advocate at KnowBe4.
“Other groups have done activities like 8Base from RansomHouse, Ryuk to Conti, Maze to Egregor and GandCrab to Sodinokibi.”
Amid this ongoing speculation, organizations are advised to remain vigilant and take proactive measures to mitigate the risk of ransomware attacks.
“While these cyber-criminal groups break off and form different named groups or combine to be more actionable, organizations need to be aware of the groups through their threat intelligence groups, monitor the group’s activity, and take the necessary precautions to mitigate the risk of an attack,” McQuiggan added.
VMware Carbon Black recommends using endpoint detection and response solutions to detect and prevent ransomware infections.
Additionally, precautions such as educating employees about phishing emails and configuring network monitoring tools effectively can help organizations protect themselves against evolving ransomware threats.