November 1, 2023
TLP:CLEAR
Report: 202311011500
Executive Summary
A recent attack on a U.S.-based medical facility in October 2023 highlights the potential threat of the
ransomware gang, 8Base, to the Healthcare and Public Health (HPH) sector. Active since March 2022,
8Base became highly active in the summer of 2023, focusing their indiscriminate targeting on multiple
sectors primarily across the United States. This surge in operational activity included the group’s
engagement in double extortion tactics as an affiliate of Ransomware-as-a-Service (RaaS) groups against
mostly small- to medium-sized companies. While similarities exist between 8Base and other ransomware
gangs, the group’s identity, methods, and motivations remain largely unknown. What follows is an overview
of the group, possible connections to other threat actors, an analysis of their ransomware attacks, their
target industries and victim countries, impacts to the HPH sector, MITRE ATT&CK techniques, indicators of
compromise, and recommended defenses and mitigations against the group.
Access the full report at https://www.hhs.gov/sites/default/files/8base-ransomware-analyst-note.pdf