ToyotaLift Northeast Cyber Attack Claimed By 8BASE Hackers!


The 8BASE ransomware group recently listed an authorized Toyota forklift dealer on its list of victims.

The hacker collective allegedly has data from the website of ToyotaLift Northeast. The group publicly announced the alleged failed negotiations and the deadline for the ransom payment.

The ToyotaLift Northeast cyber attack has not been confirmed by the company. However, the hackers have claimed to have data from ToyotaLift Northeast.

ToyotaLift Northeast provides loading and unloading trucks for carrying goods or fork lifting. The company offers quality new and used forklifts on the east coast. It is based in New York and caters to locations including Greater Philadelphia, New Jersey, New York, Delaware, and Maryland.

Details about the claimed ToyotaLift Northeast cyber attack

8BASE wrote that they had a long negotiation with the team of ToyotaLift Northeast however, it did not turn out as expected. The amount of ransom demanded by the hackers was not stated in the dark web post.

Toyota Forklift Dealer on 8Base Ransomware Group's Victim List
Screenshot of the homepage of ToyotaLift Northeast

The official website of ToyotaLift Northeast displayed a message stating that they were facing issues due to a “website update”. However,  it is unclear whether it was linked to the ToyotaLift Northeast cyber attack.

The message verified that the manufacturer’s showroom pages were experiencing problems due to a website update. However, the website did not provide an estimated timeframe for when the pages would be restored.

The Cyber Express has reached out to the company for comments regarding the reported ToyotaLift Northeast cyber attack and associated threats. This report will be updated once a response is received.

ToyotaLift Northeast cyber attack and failed negotiations

ToyotaLift Northeast cyber attack
Screenshot of the dark web portal of 8BASE (Photo: Falcon Feeds/ Twitter)

The ToyotaLift Northeast ransomware message by 8BASE claimed that after a long negotiation, the company decided to stop communicating with the group. 8BASE allegedly exfiltrated the information of the company clients including personal correspondence.

They threatened to leak all the data from the ToyotaLift cyber attack which also included financial statements and other documents with confidential information.

The date of releasing all the exfiltrated data on the dark web from the ToyotaLift ransomware attack was August 23, 2023.

What we know about the 8BASE ransomware group

Researchers suspect that 8BASE is not a new group and instead is part of a well-established group seeing the size of cyber attacks by them.

ToyotaLift Northeast cyber attack
(Photo: Vmware blog)

Active since 2022, there has been a surge in cyber attacks by 8BASE since May 2023.

ToyotaLift Northeast cyber attack
Ransom notes of 8Base and RansomHouse (Photo: Vmware blog)

Seeing the similarities between 8BASE and the RansomHouse group, it is likely that the group members are one and the same or that they share resources for cyber attacks. The ransom note sample from both ransomware groups leads to suspicion of them being similar.

Researchers used a Natural Language Processing model that compared the ransom notes used by 8BASE and Ransomhouse, and it was found that the notes were 99% identical.

According to an Avertium report, RansomHouse was discovered in December 2021. However, the group has not been found deploying ransomware or encrypting data. Instead, they send ransom notes to extort money for the data they have.

This leads to speculations that they buy data stolen by other groups or access data released by other hackers and make money out of it.

The whereabouts and the modus operandi of both cybercrime groups remain unclear with their motive being to make money from stolen data.

ToyotaLift Northeast cyber attack
Screenshot of 8Base’s webpage (Photo: Vmware blog)

8BASE has targeted industries including finance, business services, manufacturing, and healthcare using vulnerabilities in software.

The Terms of Service page by the hackers, claim not to exploit the same vulnerability again.

“Current vulnerabilities will never be used by the team for further attacks. In case new vulnerabilities will be discovered, the company will be notified,” concluded the Terms of Service page by the 8BASE ransomware group.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.





Source link