July 21, 2023  — 
Eric Swotinsky

8Base ransomware activity surges in U.S. and Brazil

Researchers have reported that the 8Base ransomware, which operated covertly for over a year, exhibited a significant increase in activity in May and June 2023. Employing encryption and "name-and-shame" tactics, 8Base targets victims across diverse industries. It has been linked to 67 attacks, primarily affecting businesses in the U.S. and Brazil, with sectors such as business services, manufacturing and construction being the most impacted.

The origins of 8Base remain elusive, but it has been active since at least March 2022 and describes itself as a group of "simple pentesters." Notably, similarities between 8Base and the RansomHouse group have been identified, including identical language in ransom notes and welcome pages.

Additionally, a sample of Phobos ransomware using the ".8base" file extension suggests a potential connection between 8Base and Phobos, or the utilization of existing ransomware strains. As part of a new wave of ransomware groups, 8Base operates alongside newcomers like Big Head, CryptNet, Mallox and Xollam.

Acronis Cyber Protect Cloud detects and blocks both existing and never-before-seen ransomware with its included Active Protection, based on the behaviors ransomware exhibits.