In a recent report published by VMware, the 8Base ransomware group has been identified as a significant threat. The group has been active since March 2022, but its activity increased significantly in June 2023. Describing themselves as “simple pen testers,” the group operates a leak site where they provide victim details, frequently asked questions, rules, and various contact methods. Interestingly, their communication style resembles that of another known group, RansomHouse.
The primary targets of the 8Base ransomware group are organizations in the business services, finance, manufacturing, and IT sectors. Over the past thirty days, 8Base has ranked among the top two most active ransomware gangs. This highlights the continuing problem of ransomware attacks and the evolving threat landscape.
Jon Miller, CEO & Co-founder at Halcyon, expressed concern about the persistence of ransomware attacks. He noted that despite hopes for a decline in attacks this year, ransomware remains the number one threat to organizations. In March 2023 alone, there were 459 successful ransomware attacks, a 91% increase from the previous month and a 62% increase from the previous year. Miller also highlighted the close affiliation between ransomware groups and the Russian government, suggesting significant overlap in terms of threat actors, tools, and attack infrastructure.
Tracking these ransomware groups has become increasingly challenging due to the observed overlap in their code base, in their tactics, techniques, and procedures (TTPs), and in other indicators of compromise. Ransomware-as-a-Service (RaaS) providers typically used to share a name with their ransomware variant, but now the lines have become blurred. While it may not be possible to completely stop ransomware attacks, Miller emphasized the importance of preventing successful attacks by implementing effective security measures at various stages of the attack, such as ingress or lateral movement, data exfiltration, and payload execution, as well as in system recovery and minimizing downtime.
James McQuiggan, Security Awareness Advocate at KnowBe4, shed light on the protean nature of cybergangs. He noted that it is not uncommon for cybercriminal groups to disband and form new groups to carry out ransomware attacks using double extortion techniques. The transition of certain members from one group to another is often more than a coincidence. McQuiggan stressed the importance of organizations staying vigilant, monitoring the activities of these groups through threat intelligence, and taking necessary precautions to mitigate the risk of an attack.
The rise of ransomware attacks and the agility of cybergangs pose significant challenges to organizations and cybersecurity professionals. It is crucial for organizations to remain proactive in their approach to security, continuously adapting their defenses to combat the evolving threat landscape. Collaboration between the public and private sectors, information sharing, and advanced security solutions will be crucial in safeguarding critical infrastructure providers and preventing disruptive attacks.

