Emerging Ransomware Group 8Base Doxxes SMBs Globally

A threat youve never heard of is using double extortion attacks on mom-and-pop shops around the globe.

A ransomware group that operated under the radar for over a year has come to light in recent weeks, thanks to a series of business data leaks on the Dark Web.
Since at least April 2022, 8base — not to be confused with the Florida-based software company of the same name — has been conducting double-extortion attacks against small and midsized businesses (SMBs). It all came to a head in May, when the group dumped data belonging to 67 organizations on the cyber underground.
It didnt end there. Weve been keeping an eye on what theyre doing, and this month theyre busy again, says Matt Hull, global head of threat intelligence at NCC Group. 8base has already doxxed 29 new businesses this month.
Not much is known yet about the groups tactics, techniques, and procedures (TTPs), likely due to the low profile of their victims. According to
data scraped from their leak site
, those victims include a British cleaning company, a sanitation company in Egypt, a private school in a Boston suburb, and a CPA in New York, among others of a similar profile.
The victims span science and technology, manufacturing, retail, construction, healthcare, and more. Theyre wisely distributed geographically as well: a shipping company in India, a Peruvian gift basket company, and a corrugated cardboard manufacturer in Madagascar. The majority, however, are focused in North America — around a third of the total — and South America. A dozen victims in both May and June were based in Brazil, in line with
a recent wave of Brazilian cyberattacks
more generally.
With little yet known about 8base (its part of a
wave of ransomware newbies
entering the market), one aspect of the group that is very clear is their preferred mode of operation. In a terms-of-service section of their leak site (see graphic), the group laid out 13 rules for their victims and themselves, written in ersatz legalese: Participation of police departments is prohibited, and Personal data will not be shared with third parties by the team.
Whether the gang is as honest as it would like you to think is another matter. On the About Us page, the hackers perfidiously claim, We are honest and simple pentesters, adding that this list contains only those companies that have neglected the privacy and importance of the data of their employees and customers.
NCCs Hull says 8base is not the first group to operate like this. I think its a result of the successes that other groups are having with these types of tactics, he notes.
Though 8base isnt breaking any new ground, actually defending against their tried-and-true methods is another matter.
Budgets are tight, particularly for the smaller organizations. These organizations arent going to be able to pay for a SOC or other advanced detection capabilities, Hull notes. The main thing that anyone can do, whether its an individual or small business, is get the fundamentals right. He points to
password hygiene
,
multifactor authentication
, and
social engineering awareness
as three simple changes small businesses can make to better their security without breaking the bank.
Getting a hold of the basics goes a long way, he adds.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Emerging Ransomware Group 8Base Doxxes SMBs Globally