Double extortion attacks by 8Base ransomware ramp up

Organizations around the world have been increasingly targeted with double extortion attacks by the 8Base ransomware operation beginning this month after being relatively stagnant since its emergence in March 2022, according to BleepingComputer. While fewer than 10 organizations have been listed by the ransomware group from March to May, 8Base has noted 35 victims so far this month, a report from VMware revealed. Attacks by 8Base involved the utilization of SmokeLoader to load a custom Phobos v2.9.1 ransomware variant, which resembles the code of the Dharma ransomware gang. Moreover, the group's payload hosting domain was found to be linked to the SystemBC proxy malware. 8Base, which declares itself to be a group of "honest and simple pentesters," has been suspected to be a rebrand of the RansomHouse ransomware operation due to the similarities between both groups' ransom notes and leak site content but researchers also noted the possibility RansomHouse may have only been emulated by the nascent ransomware operation.