| Field | Value |
| --- | --- |
| Victim Name | Nexus Telecom Switzerland AG |
| Downloaded Date | 16.01.2024 |
| Publish Date | 23.01.2024 |
| Victim Description | Nexus Telecom provides telecom management systems including network monitoring, VoIP & VoLTE / IMS service assurance and customer experience information. |
| Threat Actor Comments | Were uploaded to the servers: Invoice; Receipts; Accounting documents; Personal data; Certificates; Employment contracts; A huge amount of confidential information; Confidentiality agreements; Personal files; Other |
| Number of Dark Web Views (at time of scraping) | 5908 |

8Base Ransomware Group
The ‘8Base’ ransomware group, also known as ‘EightBase,’ is a significant cyber threat that has gained notoriety for its sophisticated evasion tactics and high-impact activities. The group has been observed employing double extortion tactics, encrypting victims’ files and exfiltrating their data, threatening to publicly release the stolen information if ransom demands are not met. 8Base has targeted a wide range of victims across various industry types, primarily focusing on small and medium-sized businesses, with the United States, Brazil, and the United Kingdom being the most affected countries[1].
The group’s operations have been characterized by their rapid evolution and adaptation, leveraging old and new techniques, as well as exploiting novel vulnerabilities as they are discovered. 8Base ransomware payloads encrypt files with standard data file extensions on all available local drives, rapidly and efficiently, using AES-256 in CBC mode. Any attached share or drive volume is subject to the encryption process as well. Once encrypted, files have the .8base extension appended to them, at times accompanied by the victim ID[2].
The emergence of the 8Base ransomware group has underscored the evolving tactics of cybercrime groups, with a shift towards data extortion and the use of public data leak sites to pressure victims into paying ransoms. The group’s rapid escalation of attacks targeting victims across numerous industries and countries has highlighted the importance of proactive security measures and the need for organizations to remain vigilant in the face of evolving ransomware threats[1].
To protect against 8Base ransomware attacks, organizations are advised to establish robust prevention and response frameworks, maintain up-to-date security measures, conduct regular training and awareness programs, and invest in advanced security solutions such as Endpoint Detection and Response (EDR) and Multi-Factor Authentication (MFA). Additionally, maintaining regular backups of critical data in multiple secure locations and utilizing ‘Golden Images’ for critical systems are recommended as proactive measures against ransomware attacks[1].
Citations:
- [1] https://provendata.com/blog/8base-ransomware/
- [2] https://sentinelone.com/anthology/8base/
- [3] https://techtarget.com/searchsecurity/news/366563096/How-ransomware-gangs-are-engaging-and-using-the-media
- [4] https://hhs.gov/sites/default/files/8base-ransomware-analyst-note.pdf
- [5] https://malpedia.caad.fkie.fraunhofer.de/details/win.8base
Disclaimer: HookPhish does not engage in the exfiltration, downloading, taking, hosting, viewing, reposting, or disclosure of any files or stolen information. Any legal concerns regarding the content should be directed at the attackers, not HookPhish. This blog is dedicated to posting editorial news, alerting readers about companies falling victim to ransomware attacks. HookPhish has no affiliation with ransomware threat actors or groups, and it does not host infringing content. The information on this page is automatically generated and redacted, sourced directly from the Onion Dark Web Tor Blogs pages.