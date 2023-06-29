A massive spike in ransomware activity in May and June 2023 has been attributed to a relatively unknown ransomware group called 8Base.

"Although the 8Base Ransom Group is not necessarily a new group, their spike in activity recently has not gone unnoticed. Even within the past 30 days, it is within the top 2 performing ransom groups," VMware said in a report. "Not much was known publicly about the kind of ransomware used by 8Base other than the ransom note and that it appends encrypted files with the extension '.8base'."

The group utilizes encryption paired with "name-and-shame" techniques to compel its victims to pay their ransoms. 8Base has an opportunistic pattern of compromise with recent victims spanning across varied industries, VMware said.

8Base is a Ransomware group that has been active since March 2022. The group describes itself as "simple pen testers." Their leak site provides victim details through Frequently Asked Questions and Rules sections as well as multiple ways to contact the group.

Chart comparing 8Base Ransom Group victimization statistics with other known Ransom Groups. VMware

The group has been linked to 67 attacks as of May 2023, with about half of the victims operating in the business services, manufacturing, and construction sectors. A majority of the targeted companies are located in the US and Brazil, according to statistics gathered by Malwarebytes and NCC Group.

Similarities with RansomHouse

While reviewing 8Base, the researchers noticed there were significant similarities between the 8Base group and another group called RansomHouse.