VMware researchers issue alert on rising 8Base ransomware activity

Researchers at VMware Inc. issued a warning Wednesday about a relatively unknown form of ransomware that has seen a massive spike in activity over the northern summer this year.

First detected in March 2022, the 8Base ransomware group uses encryption and “name-and-shame” tactics to force victims to pay a ransom, with victims across multiple industries.

Despite the relative obscurity of 8Base, its recent surge in activity is said by the researchers to indicate an experienced and well-organized threat actor. The group’s operations have similarities to previous ransomware campaigns, suggesting a level of sophistication and experience despite the group’s recent emergence on the ransomware and hacking scene.

Typical of most leading ransomware groups in 2023, 8Base operates a leak site where it discloses information about its victims and uses intimidation tactics to pressure them into paying a ransom. The use of psychological warfare, combined with the group’s ability to encrypt data, makes 8Base a serious threat.

The idea that 8Base has similarities to other groups does not stop at tactics alone. The researchers found that the language and style of communication used closely mirror that of another known ransomware group, RansomHouse. Although not confirmed, it’s believed there is a potential link between the groups, which may have a common origin.

The RansomHouse ransomware gang was behind the alleged theft of 450 gigabytes of data from Advanced Micro Devices Inc. in June 2022. The group was noted at the time for leaving a rather long and colorful message when taking credit for the hack.

8Base’s operations also reveal a possible connection with Phobos ransomware, which is offered as ransomware-as-a-service and can be customized by the threat actors who use it. VMware’s Threat Analysis Unit noted that 8Base has potentially used a version of Phobos ransomware in its attacks. The group has also been found to have used SystemBC, a known proxy and remote administration tool used by various ransomware groups.

The researchers concluded by noting that the sophistication and tactics of ransomware groups such as 8Base underscore the urgency for businesses to ramp up their cybersecurity measures. Regular data backup, employee education on recognizing and reporting phishing attempts, robust firewall protection and frequent software updates are among the measures the researchers suggest companies use to mitigate the risk of threats such as those posed by 8Base.

James Graham, vice president at cyber risk management company RiskLens Inc., told SiliconANGLE that with 8Base targeting businesses across all industries, no business should assume it’s not at risk.

“Small businesses are extremely vulnerable because their cybersecurity measures are not typically as extensive as larger companies,” Graham explained. “However, cybersecurity is an extremely worthwhile investment, and one way to ensure that your business is not overpaying for it is to perform a quantitative risk assessment.”

Image: Bing Image Creator
