We had previously identified BeeVoip among the victims of the criminal group, but from the information that has emerged it appears that the victim is instead Anic S.p.A., a former customer of the company.
We thank BeeVoip for the report, which allows us to improve the accuracy of our information service.
We invite anyone who needs to provide us with further information or request corrections to contact us via email or on our social channels.
Following further information provided to us directly by the Italian company BeeVoip, it is necessary to correct a detail from our previous post regarding the...
Today's HOT includes 7 ransomware victims by the notorious Akira, NoEscape, ALPHV/BlackCat, ThreeAM, 8Base and Cactus gangs. The average Cyber Risk Factor is 3.7. Read below the...
Today's HOT includes 13 ransomware victims by the notorious Dunghill Leak, ALPHV/BlackCat, NoEscape, Medusa, Akira, Qilin, 8Base and Cactus gangs. The average Cyber Risk Factor is 4.1....
The new ransomware group is called 8Base: they define themselves as “honest and simple pentesters” who offer their victims the most loyal conditions for the return of their data.
8Base presentation
Here’s what we’ve discovered so far.
It’s not such a new group
Although they have only now become known, it seems that the group's operations began as early as April 2022, while the most recent victims date back to May 2023.
With Hackmanac we analyzed their DLS (Dedicated Leak Site) on the Dark Web and discovered that, at the time, it listed 66 victims, 45 in 2022 and 21 in 2023, who evidently refused to negotiate.
The list of victims is in fact accompanied by the complete publication of the data stolen during the attack.
They mostly target SMBs
8Base seems to target mainly small and medium-sized companies, mostly belonging to the Professional / Scientific / Technical sector (36% of attacks known so far) and Manufacturing (17%).
8Base victims
Other sectors affected to a lesser extent are:
Wholesale/Retail
Construction
Healthcare
ICT
Financial/Insurance
Transportation/Storage
Organizations
Agriculture / Forestry / Fishing
Education
Gov/Mil/LE
Other Services
The victims are mainly in America and Europe
Analyzing the victims listed in the 8Base DLS, it appears that two thirds of the victims are in America (62%), while a further quarter are in Europe (24%).
8Base affected continents
The most targeted countries are the United States and Brazil:
8Base affected countries
Other less affected countries are:
Australia
Germany
UK
Mexico
Portugal
Belgium
Egypt
China
Spain
Madagascar
France
Peru
Canada
Turkey
Guatemala
Venezuela
India
Italy
Among the victims is also the Italian company SiComputer, which was attacked on 03/29/2023 and whose data were published a month later.
8Base SiComputer victim
They have very clear ideas
A characteristic of the group is that their ransom note is particularly detailed.
In addition to the payment terms in bitcoins, it provides clear instructions that prohibit the involvement of third parties, such as the police, agencies (FBI, CIA, NSA, …) or negotiators.
8Base terms of service
Finally, specific guarantees are provided on the management of the data held by the group.
As in the case of MalasLocker, which we wrote about in our previous article, we are once again in the presence of a cybercriminal group that mainly targets small and medium-sized businesses. This trend, which seems popular recently, highlights how small companies are a frequent target of cybercriminal operations.
The advice is to monitor computer systems, keep them updated and be aware of cyber threats.
MALASLOCKER, THE ROBIN HOOD OF THE RANSOMWARE GANGS
There is a new cybercriminal ransomware group in town: as reported by Bleeping Computer, the gang goes by the name MalasLocker and targets small and medium companies worldwide.
The group seems to specialize in hacking Zimbra servers to steal emails and encrypt files.
So far, everything is fairly standard.
What sets this criminal group apart is their ransom demand: the request actually involves a donation to a nonprofit organization of the victim’s choice.
It appears that the primary interest of this group is charity rather than personal gain.
A highly active group
According to reports, the gang’s criminal operations began at the end of March.
With Hackmanac, we have analyzed MalasLocker’s blog to better understand how many victims have been listed so far.
From our initial analysis, we have found 169 victims worldwide that the group has placed under the “Defaulters” category.
MalasLocker global victims list
The most concerning aspect is that the leaked data includes clear-text passwords, not only from Zimbra but also from the LDAP systems.
Italy among the affected countries
Among the victims, we have also found 41 Italian companies (24.26% of the total listed targets):
Banco Azzoaglio (azzoaglio.it)
Aster Cucine (astercucine.it)
KondorCS (kondorcs.com)
Azzurra Group (azzurrabagni.com)
Studio Negri e Associati (negriassociati.com)
HostingPerTe (hostingperte.it)
D&G impianti elettrici (degimpiantielettrici.it)
Sallemi Carburanti (sallemicarburanti.it)
BEI Srl (beisrl.it)
Transitus Group (trw-italia.com)
Mappy Italia (mappyitalia.com)
Balbi Srl (balbi.it)
Steelgroup (steelgroup.com)
Pasquetti Sarti & Partners (pspartners.it)
Studio Eco Perucca (studioecoperucca.it)
Studio Rossetti e Partners (studiorossetti.net)
Riboli srl (riboli.it)
Studio Consulenza (studioconsulenza.com)
3Punto6 (3punto6.com)
FEA srl (feasrl.eu)
Grassi srl (grassionline.com)
Vegliolux (veglio.com)
AVM Software & Technology (avm-it.com)
Specialinsert (specialinsert.it)
PMP Meccanica (pmpmeccanica.com)
ATE Elettronica (atesistemi.it)
Onubo s.r.l. (onubo.com)
Commerciale Ferramenta (commercialeferramenta.it)
Winner Italia (winnercenter.it)
Villa Grazioli (villa-grazioli.it)
NTA srl (ntasrl.com)
Confindustria Energia (confindustriaenergia.org)
FinRe Consulting (finreconsulting.it)
Next Generation Srl (nextgenerationsrl.it)
Studio Papa (studiopapa.net)
Hotel Smeraldo (smeraldoroma.com)
AMET (amet.it)
Livitek (livitek.com)
Propac S.r.l. (propac.it)
Anic S.p.A (amedeonappi.it)
Anstel (anstel.it)
The Italian victims belong to various sectors:
Manufacturing (12)
Professional / Scientific / Technical (11)
ICT (9)
Telco (1)
Hospitality (2)
Construction (2)
Energy (1)
Financial (1)
Wholesale / Retail (1)
Organizations (1)
Affected victims categories in Italy
In Italy, MalasLocker primarily targets the Manufacturing sector, which was already heavily impacted by cyber attacks last year (as highlighted in our Hackmanac Cyber Attacks Global Report 2023): 27% of the group’s attacks are directed at this category.
An additional 27% of attacks target the Professional / Scientific / Technical sector, while 22% affect the ICT category.
A cunning threat
Zimbra is a widely used application, with over 220,000 customers in more than 140 countries.
Unfortunately, like all applications, Zimbra is not immune to vulnerabilities: during our analysis of cyber attacks, we classified several incidents resulting from Zimbra vulnerability exploits (9 in 2022 and already 2 in 2023), many of which were critical.
The fact that the primary targets of this group are small and medium enterprises does not improve the overall situation.
Often, SMEs are more exposed to cyber threats because their defense capabilities are weaker and their dedicated cybersecurity staff fewer than those of large companies.
Therefore, the advice is to keep Zimbra systems up to date and ensure that the configuration is as hardened as possible.