
8Base Ransomware: Researchers Raise Concerns Over its Increased Activities


The 8Base ransomware has kept a low profile, avoiding detection for over a year. However, a recent investigation into the ransomware revealed a significant rise in its operations during May and June. The ransomware group has been active since at least March 2022. The threat group labels itself as “simple pentesters,” indicating a basic level of proficiency in penetration testing.

Details of the 8Base

According to research conducted by Malwarebytes and NCC Group, as of May the ransomware group may have been linked to a total of 67 attacks. Among these incidents, the manufacturing, construction, and business services industries together account for around half of the affected firms. The targeted firms are primarily located in the United States and Brazil, indicating a geographic focus by the threat group.

June saw a significant surge in ransomware activities. Notably, the offenders used a dual extortion tactic, which raised the stakes for their victims.

So far, 35 identified victims have been listed on the 8Base-affiliated dark web extortion site. On specific days, up to six companies have fallen victim to the ransomware operators at once.

According to the VMware Carbon Black team, based on 8Base's recent activities, the similarities in its ransom notes and leak site content, and its identical FAQ pages, 8Base could well be a rebranding of the popular ‘RansomHouse’ ransomware group. RansomHouse, however, flexibly promotes its partnership, while 8Base does not.

The VMware researchers also discovered a Phobos ransomware sample that used the “.8base” file extension, indicating that 8Base could be the successor of Phobos or could be using the existing ransomware strain.

The researchers concluded that the efficient operations conducted by the 8Base ransomware group may continue to grow, which could mark the onset of a mature organization. However, it is not yet clear whether the group is based on Phobos or RansomHouse.

For now, there is speculation about 8Base's use of various ransomware strains, whether in earlier iterations or as a fundamental component of its typical mode of operation. However, it is commonly known that this organization is very active, with smaller firms as a significant target.

ADATA: RansomHouse Cyberattack Result of a Leak of 2021 Data


Taiwanese chip manufacturer ADATA denies all allegations of a RansomHouse cyberattack. The denial follows the announcement that threat actors began posting stolen data on a leak website belonging to the data leak group.

Earlier this week, the RansomHouse gang added ADATA files to its data leak site. In this leak, the gang claimed it had taken 1TB worth of documents during a cyberattack in 2022. To demonstrate how much information had been taken, the threat actors posted samples of supposedly stolen files that appear to be from ADATA.

"Based on several technical methods of checking, we believe what Ransomhouse alleged was fake data and that it was stolen by Ragnar Locker in 2021, which is all confirmed by ADATA's spokesperson," said BleepingComputer in an email. 

ADATA implemented effective methods to provide strong security following the Ragnar Locker attack in 2021. Since then, no attack on ADATA has been successful, and no confidential information about ADATA was leaked. 

A comparison of the timestamps for the data shared by RansomHouse with those for the data that Ragnar Locker leaked in June 2021 showed that both sets of stolen data had similar timestamps, meaning that the files in both were no older than May 2021.

The company added that RansomHouse left no ransom notes on its servers that would demonstrate that an attack had been conducted against them. RansomHouse maintains that it recently hit ADATA with a data theft attack and that it has negotiated with the company regarding the stolen data.

RansomHouse - who are they? 


After the release of SLGA's files in 2021, RansomHouse's extortion operation ended when it leaked the passwords of its first victim, the Saskatchewan Liquor and Gaming Authority (SLGA). Although the threat actors claim that they don't use any ransomware in their attacks, the White Rabbit ransom notes link the encryption attacks to RansomHouse.

This is a key part of the RansomHouse attack. In the latest attack, RansomHouse appears to have claimed responsibility for attacks on eight Italian municipalities. A ransomware attack occurred as a result of this incident: files were encrypted and a .mario extension was appended to them, and a ransom note with the greeting "Buongiorno to my lovely Italy" appeared on affected computers.

The RansomHouse operation has also targeted other high-profile companies, such as AMD and Shoprite Holdings, one of Africa's largest supermarket chains, as well as large governments.