Ransomware Group
8Base
Also known as: 8Base Ransomware, EightBase
Status: active • First seen 2022-03 • 400+ known victims
8Base members call themselves "honest penetration testers" but they're really just criminals. They go after small and medium businesses that can't afford big security teams. They attack many companies at once, sometimes 5-10 per day, and use aggressive public shaming tactics on their leak site.
Overview
8Base is an aggressive ransomware group that presents itself as "penetration testers" exposing negligent companies. They primarily target small to medium businesses and have been extremely active, often attacking multiple victims per day. The group uses a modified version of Phobos ransomware.
Target Industries
Manufacturing, Professional Services, Construction, Retail, Healthcare, Information Technology
How They Attack
- SmokeLoader malware deployment
- Phishing emails
- Exploiting vulnerable VPNs and RDP
- SystemBC for C2 communication
- Using Phobos ransomware variant
Notable Victims
Multiple small manufacturing companies, various professional services firms, numerous construction companies, small healthcare practices
How to Protect Against 8Base
1. Block SmokeLoader indicators at perimeter
2. Implement email filtering for malicious attachments
3. Secure all VPN and RDP access with MFA
4. Deploy endpoint protection capable of detecting Phobos
5. Small businesses: consider a managed security service (Huntress, Arctic Wolf, or similar)
MITRE ATT&CK Techniques