
8Base Ransomware Group Exposed: Moldovan Developer Linked to 'Name-and-Shame' Site

A leak of the 8Base ransomware group's site reveals a Moldovan developer's connection. The group's unique 'name-and-shame' tactics are now better understood, but its full identity remains under investigation.


The 8Base ransomware group, known for its 'name-and-shame' tactics, has been exposed following a leak of its victim shaming website. The group, which describes itself as 'simple pen testers', has been using public pressure to compel victims to pay ransoms.

The 8Base group's darknet site has been accessible to the public, displaying a 'plane' image and a welcoming message on its 'admin' login page. The site lists hundreds of victim organizations and includes a chat feature for potential negotiations.

Investigations into the site's code have revealed intriguing connections. A verbose error message on the site exposed its true internet address, leading to a private GitLab server. The HTML code of the 8Base admin page is virtually identical to a 'login.blade.php' page in the JCube Group's public GitLab repository.

The leaked data suggests that a 36-year-old programmer from Moldova, Andrei Kolev, is likely responsible for the JCube Group's code. While there's no direct evidence, it's suspected that Kolev may also be involved in the 8Base ransomware group's website.

The 8Base ransomware group's operations have been partially exposed, with links to a Moldovan developer and a public GitLab repository. The group's use of public shaming and its darknet site's features are now better understood. However, the full identity and extent of the group's activities remain under investigation.
