A ransomware group known as 8BASE has come forward with information about a cyberattack on Delaney Browne Recruitment, a recruitment agency based in England. The hackers claim to have obtained personal data and other important information from the alleged attack. Despite multiple inquiries, Delaney Browne has not responded to the claims.
According to 8BASE, they have acquired various details from the cyberattack, including invoice receipts, accounting documents, personal data, certificates, employment contracts, confidentiality agreements, and personal files of employees and clients. The screenshot of 8BASE’s dark web portal, shared by the Threat Intelligence Service Falcon Feeds, further confirms their responsibility for the attack.
The fact that recruitment data has been stolen raises concerns that the hackers may use it for social engineering attacks, such as targeted emails about job opportunities. It is advised for individuals to be cautious when receiving job-related emails that prompt them to click on links for password resets or file downloads. Job frauds have been reported on reputable platforms like LinkedIn, so users of recruitment portals should handle their data responsibly and update their account passwords regularly.
The 8BASE ransomware group has been actively launching cyber attacks on various organizations recently. Some of their targets include Traffic Tech (Gulf), Telepizza, Quikcard Solutions Inc., and Dental One, among others. The group uses encryption and “name-and-shame” techniques to pressure their victims into paying ransoms. The ransomware deployed by 8BASE adds a “.8base” extension to encrypted files. They target organizations across different sectors and publicly name them on their dark web portal.
While the motives of 8BASE remain unclear, researchers suspect that the group is not a newcomer to the hacking scene. The speed and efficiency of their operations suggest that 8BASE is a well-established organization rather than a newly formed group. Additionally, similarities have been found between 8BASE and other known ransomware groups. The language used by 8BASE in their ransom notes shows a 99% match with that of RansomHouse, indicating a possible connection.
In June 2023, 8BASE has seen a spike in their cyber attacks. They often refer to themselves as “Simple Pentesters” and provide information about the companies they target in their Frequently Asked Questions and Rules section on their dark web portal. Business services have been their primary target, followed by finance, manufacturing, information technology, and healthcare sectors, among others.
It is important to note that the information provided in this report is based on internal and external research. The Cyber Express, the source of the report, emphasizes that users bear full responsibility for relying on this information and assumes no liability for its accuracy or the consequences of its use.