New Ransomware Gang 8BASE Behind Surge of May Attacks

May was a busy month for ransomware. The number of ransomware attacks on organizations worldwide surged nearly 25% this May, the highest number recorded so far this year. Research shows a total of 436 ransomware victims reported in May, compared to 352 in April.

A possible reason for the increase is a new gang known as 8BASE. The gang was responsible for publishing the data of 67 victims in the last month, which is more than 15% of all victims from May.

Matt Hull, Global Head of Threat Intelligence at NCC Group, who conducted this research, said the volume of attacks targeting high-profile organizations is also rising this year. Hull stated that the rise in high-profile attacks “has led to greater public attention towards the evolving threat landscape, which contributes to a growing understanding of the severity and impact of ransomware incidents can have, and why organizations must be proactive in their cyber defenses.”

So who are 8BASE?

According to Cybernews, 8BASE, like other dark leak sites, has a page dedicated to victims and a set of rules for negotiating, and will only accept a ransom payment in Bitcoin. And like most other gangs, they also claim they are “honest and simple pentesters” looking to make some money for the greater good. “This list contains only those companies that have neglected the privacy and importance of the data of their employees and customers,” 8BASE said.

According to the NCC intelligence report, 8BASE typically uses “double extortion” on its victims. In a double extortion attack, the hackers will breach their target and exfiltrate what sensitive information they can access, all before encrypting the company’s data files and/or network servers. The hackers then demand a payout – not only to hand over a decryption key to the victim, but to delete the data stolen in the breach.

This method most likely evolved as organizations began to proactively create and store backups of their network systems, making a decryption key unnecessary for most companies to restore their data. The hackers, who can easily make copies of the stolen data for future use, may decide to publish or sell the data anyway, despite a ransom being paid.