Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label VMware Carbon Black. Show all posts

8Base Ransomware: Researchers Raise Concerns Over its Increased Activities


The 8Base ransomware has well maintained its covert presence, avoiding detection for over a year. Although, a recent investigation into the ransomware revealed a significant rise in its operation during the period of May and June. It has been made clear that the ransomware group has been active since at least March 2022. The threat group labels itself as “simple pentesters,” indicating a basic level of proficiency in penetration testing.

Details of the 8Base

According to a research conducted by Malwarebytes and NCC Group, as of May, the ransomware group may have been linked with a total of whopping 67 attacks. Among these cyber incidents, around half of the manufacturing, construction, and business services industries together account for around half of the affected firms. The targeted firms are primarily located in the United States and Brazil, indicating a geographic focus by the threat group. 

June saw a significant surge in ransomware activities. The fact that the offenders used a dual extortion tactic raised the stakes for their victims is notable.

A list of 35 victims who have been identified has so far been on the 8Base-affiliated dark web extortion site. There have even been occasions where up to six companies have fallen victim to the ransomware operators' nefarious activities at once on specific days.

According to the VMware Carbon Black team, based on its recent activities, and its similarities of ransom notes and content on leak sites along with identical FAQ pages, 8Base could as well be a rebranding of the popular ‘RansomHouse’ ransomware group. RansomHouse, however flexibly promotes its partnership, while 8Base does not.

It is also noteworthy that a Phobos ransomware sample was also discovered by the VMware researchers, that was utilizing the “.8base” file extension, indicating the 8Base could well be the successor of or utilizing the existing ransomware strain.

The researchers concluded that the efficient operations conducted by the 8Base ransomware group may continue to group, which could be an onset of a mature organization. However, it has not yet been made clear whether the group is based on Phobos or RansomHouse.

As for now, there are speculations on 8Base's use of various ransomware strains, whether it be in earlier iterations or as a fundamental component of its typical mode of operation. However, it is commonly known that this organization is very active, with a concentration on smaller firms as a significant target.  

Cerber Ransomware Returns: Targeting Healthcare Industry

 

Cerber, a type of ransomware that once was the most popular choice for cybercriminals, has returned and is used for targeting health care organizations. In 2020, COVID-19 test technology, healthcare firms have driven digital innovation. However, it is important to note that unprecedented safety flaws also emerged with these advances, which cybercriminals rapidly sought to take advantage of. 

Cerber ransomware is ransomware-as-a-service (RaaS), which means that the attacker authorizes Cerber ransomware over the internet. Cerber has climbed up the category of sophisticated ransomware. In 2017, it was the most powerful ransomware family with 90 percent of all ransomware attacks on Windows systems at one point. Usually, the attacker can adapt and deliver the ransomware while retaining the entire currency, however by setting up Cerber, the developer and partner can send further execute the attack with less effort. 

Usually, ransoms were amounted to a few hundred dollars – a tiny sum relative to today's ransomware strikes that demanded hundreds of thousands or millions for a decryption key, yet Cerber's influence led several victims to settle ransom demands and provide Cerber's creators and affiliates with a lucrative business model. At times cyber attackers also spread ransomware via phishing e-mails or compromised websites. 

The cybersecurity researchers at security company - VMware Carbon Black have identified Cerber as the most common ransomware targeting healthcare as of late. Back in 2020, they found that there were 239.4 million attempted cyberattacks targeting VMware Carbon Black healthcare customers. The average number of attempted attacks in 2020 was 816 on average, a stupefying rise of 9,851 percent from 2019. 

The rise in attacks started in February when the pandemic began to spread globally. The number of attempted attacks rose by 51 percent between January and February when hackers turned their focus to vulnerable healthcare institutions, which witnessed a huge improvement in their way of working and handling patients. 

"Although old malware variants such as Cerber tend to resurface, these are often re-factored to include new tricks, though at the core are still leveraging tried and true techniques," stated Greg Foss, senior cybersecurity strategist at VMware Carbon Black. 

He further added, "All it takes is a quick search on the dark web for someone to license out a ransomware payload to infect targets. Today, it's unfortunately just as easy to sign up for a grocery delivery service as it is to subscribe to ransomware.” 

Unfortunately, hospitals are a frequent target for cyber criminals who spread ransomware because health care is focused on networks that are open to patients. This can also lead to hospitals making fast decisions to pay a ransom request because observably, it is the only way to prevent jeopardizing patients' privacy and to stop hackers from releasing compromised records, which can be very serious threat in healthcare.