New Ransomware Actor 8Base Rivals LockBit in Extortion

The new ransomware group 8Base is fast becoming a big player in the underground market, amassing nearly 40 victims in June – second only to the notorious LockBit ransomware gang.

See Also: Live Webinar | Reclaim Control over Your Secrets – The Secret Sauce to Secrets Security

The group has hit nearly 80 organizations since March 2022 and uses the double-extortion tactics of encryption and “name and shame,” according to a new report from VMware.

8Base was responsible for 15% of the attacks in May, as the group began releasing data from victims breached between April 2022 and May 2023, said a report the NCC Group released last week. Ransomware attacks soared in May, hitting 436 victims. Lockbit 3.0 remained the most active threat actor in 2023 and was responsible for 78 known victims and 18% of all incidents tracked in May.

The majority of 8Base targets are in the industrial sector, the NCC Group said. VMware said business services, finance, manufacturing and IT industries are also targets. The group so far has listed 38 victims in June. It uses a data leak site, a Twitter account and a Telegram channel to publicize its victims’ names.

The 8Base group’s activity is similar to the less-active RansomHouse ransomware gang, which buys leaked data, partners with data leak sites and then extorts companies for money.

The language on the…