8base is among the top 5 ransomware groups this summer

8base ransomware group significantly boosts activity level

  • 8base is among the top 5 ransomware groups this summer, and Logpoint has uncovered the Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IoCs) to look out for.
  • The ransomware group targets small and medium-sized organizations, which are less likely to have strong security measures.

COPENHAGEN, Denmark, August 24, 2023 – The 8base ransomware group has emerged as a persistent and formidable adversary in the ever-changing landscape of cyber threats, targeting multiple sectors, especially small and medium-sized organizations. The group appeared in March 2022, and since June its activity level has increased significantly, putting the group among the top 5 most active.

“In general, small and medium-sized organizations are more likely to struggle with small security budgets and cybersecurity shortages, which is a dangerous cocktail when a ransomware group like 8base is coming for them,” says Anish Bogati, Logpoint Security Research Engineer. “Small and medium-sized organizations, in particular, should familiarize themselves with 8base, and more importantly, ramp up on security measures to safeguard against it. Understanding the adversary is the key to devising better defensive strategies.”

Logpoint’s research has uncovered the 8base infection chain through malware analysis. 8base uses multiple malware families to achieve its goals, including SmokeLoader and SystemBC, in addition to the Phobos ransomware payload. The ransomware group primarily gains initial access through phishing emails and utilizes the Windows Command Shell and PowerShell to execute the payload. The adversaries use multiple techniques to ensure persistence within the system, evade defenses, and reach their goals.

Logpoint’s analysis reveals what security teams should look for to detect 8base activity in the system, including suspicious child processes spawned by Microsoft Office products, file execution using WScript or CScript, or scheduled task creation. Knowing the IoCs and TTPs helps organizations proactively identify and mitigate suspicious activities associated with 8base.

“Small and medium-sized organizations must ensure capabilities that enable them to detect and respond to 8base activity at any stage of the infection,” says Anish Bogati. “Proper logging, visibility of assets, and monitoring are essential to a robust cybersecurity strategy because they provide an overview of the network and help to detect anomalies like files dropped in publicly writable folders, modification of registry values, and suspicious scheduled tasks that may indicate a security threat like 8base is at large.”
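The indicators named in the two paragraphs above (Office applications spawning child processes, WScript or CScript executing a file dropped in a publicly writable folder, and scheduled task creation) can be turned into a small triage pass over process-creation telemetry. The block below is an added illustration, not code from Logpoint's report or detection content; the field names (Sysmon Event ID 1 style `Image`, `ParentImage`, `CommandLine`), the process and folder lists, and the sample events are assumptions constructed for the example.

```python
"""Added example: screen process-creation events for the 8base indicators
named in the press release. Field names, process lists, folder list and the
sample events are assumptions for this illustration, not Logpoint's rules."""
import ntpath
import re

# Assumed process names for the three indicators in the text.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXTENSIONS = (".vbs", ".vbe", ".js", ".jse", ".wsf")
# Folders any local user can write to; a script run from here deserves a look.
PUBLIC_WRITABLE_PREFIXES = ("c:\\users\\public\\", "c:\\programdata\\", "c:\\windows\\temp\\")
USER_TEMP_MARKER = "\\appdata\\local\\temp\\"

# Splits a Windows command line, keeping quoted paths with spaces intact.
_TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def _name(path: str) -> str:
    """Lower-cased file name of a Windows path (ntpath works on any host OS)."""
    return ntpath.basename(path).lower()


def _tokens(cmdline: str) -> list[str]:
    return [quoted or bare for quoted, bare in _TOKEN.findall(cmdline)]


def in_publicly_writable_dir(path: str) -> bool:
    """True if the path sits in a world-writable location (assumed list above)."""
    p = path.lower()
    return p.startswith(PUBLIC_WRITABLE_PREFIXES) or USER_TEMP_MARKER in p


def office_child_process(ev: dict) -> bool:
    """Office application spawning a shell or script host."""
    return _name(ev["ParentImage"]) in OFFICE_PARENTS and _name(ev["Image"]) in SUSPICIOUS_CHILDREN


def script_host_from_writable_dir(ev: dict) -> bool:
    """WScript/CScript executing a script file that lives in a publicly writable folder."""
    if _name(ev["Image"]) not in SCRIPT_HOSTS:
        return False
    return any(t.lower().endswith(SCRIPT_EXTENSIONS) and in_publicly_writable_dir(t)
               for t in _tokens(ev["CommandLine"]))


def scheduled_task_creation(ev: dict) -> bool:
    """schtasks.exe invoked with /create, the persistence indicator named in the text."""
    return _name(ev["Image"]) == "schtasks.exe" and "/create" in ev["CommandLine"].lower()


RULES = {
    "office_child_process": office_child_process,
    "script_host_from_writable_dir": script_host_from_writable_dir,
    "scheduled_task_creation": scheduled_task_creation,
}


def triage(events: list[dict]) -> dict[int, list[str]]:
    """Map event index -> names of the rules that fired; events with no hits are omitted."""
    hits: dict[int, list[str]] = {}
    for i, ev in enumerate(events):
        fired = [name for name, rule in RULES.items() if rule(ev)]
        if fired:
            hits[i] = fired
    return hits


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    # 0: benign, Explorer opening Word
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r'"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" /n "C:\Users\alice\Documents\report.docx"'},
    # 1: Word spawning cmd.exe
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c powershell.exe -File C:\Users\Public\stage.ps1"},
    # 2: WScript running a script from a publicly writable folder
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r'wscript.exe "C:\Users\Public\invoice.vbs"'},
    # 3: scheduled task creation
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'schtasks.exe /create /sc minute /mo 5 /tn "UpdateCheck" /tr "C:\ProgramData\svc.exe"'},
    # 4: CScript running a vendor script from Program Files (not world-writable)
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cscript.exe",
     "CommandLine": r'cscript.exe "C:\Program Files\Vendor\check.vbs"'},
]

if __name__ == "__main__":
    for idx, fired in triage(SAMPLE_EVENTS).items():
        print(f"event {idx}: {', '.join(fired)}")
```

Each rule is deliberately narrow: the script-host check only fires when the script path is in an assumed world-writable location, so a vendor script under Program Files (event 4) does not alert, while a Word-to-cmd parent/child pair fires regardless of the command line. In a real deployment these would be expressed in the SIEM's query language over the same fields.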

Read Logpoint’s full report about 8base here and get an in-depth malware analysis, technical analysis, and all means of detecting, investigating, and responding to the threat.

Contacts

Maimouna Corr Fonsbøl

Press contact, Head of PR, PR & Communications, +45 25 66 82 98
