A ransomware group which first appeared on the Internet in March 2022 is surging in prominence after a number of successful attacks in May of this year.

Going by the name 8Base, the gang has recently released the details of almost 70 victims on their dark web leak site.

8Base dark web leak site

Targets of interest

The gang seems to favour targeting small to medium-sized enterprises (SMEs) in the business services, finance, manufacturing, and I.T. verticals, using the now well-used approach of double-extortion.

Double-extortion is the act of siphoning data to a leak site and then encrypting the victim's systems. The idea is that a victim might not pay a ransom if they have suitable backups to recover the encrypted data, so the threat of having the leaked data sold, or otherwise made available on the Internet to others, is the second reason to pay the ransom demand.

8Base ransom demand

Leak announcements

The 8Base account on Twitter is run by a user who goes by the name Birdy, who joined the platform in 2014. They announced on the 14th May that they would be releasing a lot of leaked data soon.

8Basehome – Twitter.com

This tweet was followed up with a series of tweets between the 26th & 29th June detailing a number of breaches they were leaking on their dark web site.

8Base & RansomHouse

A recent post by the Carbon Black Threat Analysis Unit at VMware takes an in-depth look at the rise of 8Base and their activities, and compares the activities of the 8Base gang to those of another ransomware gang known as RansomHouse.

The review of the two gangs drew a number of comparisons, leading the analysts to conclude that either the gangs are one and the same, or that 8Base is a splinter group formed from RansomHouse members.

A comparison of 8Base (blue) and RansomHouse (red) ransom notes – VMware.com

A comparison of 8Base (blue) and RansomHouse (red) ToS – VMware.com

In conclusion

It seems that whoever is behind 8Base, they are becoming a force to be reckoned with in terms of successful ransomware attacks. Hopefully their success will be short-lived and they slip up and get located by law enforcement, which puts an end to their activities. Unless, that is, it's another case of Smoke & Mirrors and it turns out that 8Base is yet another off-shoot of the notorious LockBit gang.