8Base mainly uses phishing scams with malicious links to gain initial access and, like most ransomware groups, relies on various system utilities, third-party hacking tools and malicious programs: Mimikatz, LaZagne, PasswordFox, KILLAV, SmokeLoader, SystemBC, PCHunter, GMER, Process Hacker and more. The custom Phobos file encryptor used by the group adds a .8base extension to encrypted files.
8Base has been able to compromise organizations from many industries, including manufacturing, finance, legal services, construction, and healthcare, but the majority of its victims are small businesses with fewer than 200 employees.
Akira
Akira is a group that first appeared in April 2023 and was thought to be an offshoot of the defunct Conti group because its file encryptor shared many code similarities with Conti’s ransomware program. However, because Conti’s file encryptor code has been leaked, this is not a solid link, although blockchain analysis has also revealed possible links to Conti’s operations.