The Infamous Ransomware 8 Base Group Hits: Groupe PROMOBE in a recent cyber attack, raising concerns about cybersecurity vulnerabilities. To stay ahead of emerging threats, fortify your online security with the HookPhish Dark Web Monitoring platform. Explore HookPhish Dark Web Monitoring.
| Victim Name | Groupe PROMOBE |
| Downloaded Date | 13.12.2023 |
| Publish Date | 20.12.2023 |
| Victim Description | The PROMOBE Group has been active in Luxembourg and internationally in the following areas• * Real Estate: Development and construction of residential and office projects in Luxembourg for 40 years. Purchase, sale and rental of residential real estate and office real estate. Initiator of the new modern district of the Golden Bell and its remarkable architectural buildings. Axento & Impakt are the exclusive real estate agencies of Promobe. DOVIT home automation solutions for homes and buildings for more comfort, security and energy. Hotel industry: Belgium, Luxembourg and Italy. * Food & Beverage: the FANI starred restaurant in Roeser, the Vinissimo Italian delicatessen and its Cloche d’Or restaurant, the Premio restaurant located in the Preisch Golf course. The supply of Italian products for catering and mass distribution under the Eurofood, Eurovins, Europoint brands. (Exclusive distributor: Lavazza coffees, Cecco pasta, wine from the Perticaia winery, etc.). * Sport: the Preisch Golf course, the Swift Hesperange football club (LU), Leopard Racing – Moto 3 (3 world championship titles) and the Viterbo circuit in Italy. * Watchmaking / Jewelry: Les Ambassadeurs boutiques, the Omega, Messika, Vulcain and Anonimo brands. * Communication & Marketing : WAIT communication agency |
| Threat Actor Comments | Were uploaded to the servers: Invoice Receipts Accounting documents Personal data Certificates Employment contracts A huge amount of confidential information Confidentiality agreements Personal files Other |
| Number of Dark Web Views (at time of scraping) | views: 17883 |
8Base Ransomware Group
The ‘8Base’ ransomware group, also known as ‘EightBase,’ is a significant cyber threat known for sophisticated evasion tactics and high-impact activities. Utilizing double extortion tactics, the group encrypts victims’ files and exfiltrates their data, threatening public release unless ransom demands are met. 8Base targets a range of victims, especially small and medium-sized businesses, with the United States, Brazil, and the United Kingdom being the most affected countries[1].
The group’s operations are marked by rapid evolution, leveraging both old and new techniques and exploiting novel vulnerabilities. 8Base ransomware payloads efficiently encrypt local drives and standard data file extensions using AES256 in CBC mode. Attached shares or drive volumes are also subject to encryption. Encrypted files receive the .8base extension, sometimes accompanied by the victim ID[2].
The emergence of the 8Base ransomware group highlights the evolving tactics of cybercrime, emphasizing data extortion and the use of public data leak sites to pressure victims into paying ransoms. The group’s rapid escalation of attacks emphasizes the need for proactive security measures and organizational vigilance against evolving ransomware threats[1].
To guard against 8Base ransomware, organizations should establish robust prevention and response frameworks, maintain up-to-date security measures, conduct regular training, invest in advanced security solutions like Endpoint Detection and Response (EDR) and Multi-Factor Authentication (MFA). Additionally, maintaining regular backups in multiple secure locations and using ‘Golden Images’ for critical systems are recommended proactive measures[1].
Citations:
- [1] https://provendata.com/blog/8base-ransomware/
- [2] https://sentinelone.com/anthology/8base/
- [3] https://techtarget.com/searchsecurity/news/366563096/How-ransomware-gangs-are-engaging-and-using-the-media
- [4] https://hhs.gov/sites/default/files/8base-ransomware-analyst-note.pdf
- [5] https://malpedia.caad.fkie.fraunhofer.de/details/win.8base
Disclaimer: HookPhish does not engage in the exfiltration, downloading, taking, hosting, viewing, reposting, or disclosure of any files or stolen information. Any legal concerns regarding the content should be directed at the attackers, not HookPhish. This blog is dedicated to posting editorial news, alerting readers about companies falling victim to ransomware attacks. HookPhish has no affiliation with ransomware threat actors or groups, and it does not host infringing content. The information on this page is automatically generated and redacted, sourced directly from the Onion Dark Web Tor Blogs pages.