The 8BASE ransomware group, a newbie gang, expanded its victim list on Monday by naming five more organizations from different parts of the world.
The cybercriminal group has issued threats through posts on their leak channels, stating their intentions to publish the targeted company’s data on July 3, 2023.
The five victim companies appear ransom choices, and operate in various sectors.
8BASE ransomware gang and new victims
The following companies have been identified as the latest victims of the 8BASE ransomware gang:
Lysander Shipping: Lysander Shipping, a Denmark-based global shipping company known for its logistics expertise, has fallen victim to the ransomware attack. The implications of this breach on the company’s operations and its clients’ confidential information are a matter of concern.
Clear Medi Healthcare: Clear Medi Healthcare, an Indian healthcare provider, has also found itself on the radar of the 8BASE ransomware gang. With a network of medical facilities and patient records at stake, the security breach poses a significant threat to the privacy and well-being of countless individuals.
Job-Sa Beton: Job-Sa Beton, a Tunisian small-scale construction services company has become a target of the ransomware attack. The potential leak of sensitive data, including financial records and employee information, could have severe repercussions for both the company and its stakeholders.
Pneumax: Pneumax, an Italian manufacturer of precision equipment, has been hit by the 8BASE ransomware attack. The compromise of proprietary designs, trade secrets, and customer data could jeopardize the company’s competitive advantage and customer trust.
Legalilavoro: Legalilavoro, an Italian legal consultancy firm providing employment-related services, has been added to the list of victims. The exposure of confidential client data, such as employment contracts, personal information, and legal documents, could have far-reaching legal and reputational implications.
8BASE ransomware group: A newbie gang
The 8Base ransomware group has been using double extortion on its victims, researchers at Cyble Research and Intelligence Labs (CRIL) reported in May 2023. Its most recent victims include US-based private equity firm Blue Sage Capital.
According to CRIL researchers, this group first steals the victims’ data and then encrypting it. In case the victim decides not to pay the ransom, the attackers make the stolen data public on their leak site.
As of May 22, they have exposed information about 66 victims on their website. The posts on their leak site can be traced back to April 2022, suggesting that they have been active for a significant period without disclosing information about their victims to the public.
“Predominantly targeting small and medium-sized businesses (SMBs), 8Base has attacked mainly companies within the Professional/Scientific/Technical sector, comprising 36% of known attacks, followed by Manufacturing at 17%,” MalwarebytesLabs reported in its May ransomware review.
“Geographical analysis of the victims suggests a concentration in America and Europe, with the United States and Brazil being the most targeted countries.”
A characteristic of the group is that their ransom note is particularly detailed, noted a Hackmanac report.
“In addition to the payment terms in bitcoins, clear instructions are in fact provided which prohibit the involvement of third parties, such as the police, agencies (FBI, CIA, NSA, …) or negotiators. Finally, specific guarantees are provided on the management of the data held by the group,” it said.