
In a new analysis, Trend Micro examines the 8Base ransomware group, which ranked second among the "most successful" ransomware actors in the first months of 2024, just behind LockBit.
Following the international law enforcement operation against LockBit earlier this year, 8Base is expected to keep growing in importance in the ransomware landscape. The group presents itself as a penetration tester and claims on its leak site that it only targets companies that "neglect the privacy and importance of the data of their employees and customers".
8Base presents itself as legitimate, yet extorts its victims
In practice, however, it extorts its victims, especially small businesses, through a double-extortion strategy: data is encrypted, and its publication is threatened as additional leverage. Initial access is gained primarily via phishing emails, but samples were also found on domains that appear to be associated with SystemBC, a proxy and remote administration tool (RAT). Trend Micro has analyzed the group in detail and offers comprehensive insights.
Key findings about 8Base
- Discovered in March 2022, the 8Base ransomware group uses a "name and shame" tactic to extort its victims: it encrypts sensitive information and threatens to publish it.
- Although 8Base positions itself as a penetration tester, the group has financial motives behind its attacks and has already targeted public healthcare facilities in the United States.
- 8Base deploys Phobos ransomware version 2.9.1 and uses SmokeLoader to obfuscate its intrusion; phishing emails are its main initial access vector.
- The group focuses primarily on companies in North America, but also targets European companies, particularly in the manufacturing and financial sectors.
- 8Base's attacks primarily target small businesses, whether despite or precisely because the group poses as a penetration tester.
- 8Base's attack chain and techniques are diverse and cover phishing, credential access, defense evasion, lateral movement, privilege escalation, exfiltration, and impact through encryption.
About Trend Micro
As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat information enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.