8Base attacks Speedy

Incident Date: April 22, 2024

Nanterre, France


First Reported: April 22, 2024

The 8Base Cybercrime Group Compromises Speedy in France


The 8Base cybercrime group has reportedly compromised Speedy in France. The group exfiltrated various sensitive documents and personal data from the company.

About Speedy

Speedy is a French company that specializes in retailing tires, batteries, filters, mechanical equipment, and accessories such as windshield wipers, number plates, and spark plugs. They also offer maintenance packages, repair services, and an online shopping website for customers.

8Base Cybercrime Group

The 8Base ransomware gang emerged in March of 2022 and has become one of the most active groups today. They target organizations in the business services, manufacturing, and construction sectors. The group is believed to be connected to experienced RaaS operators like RansomHouse.

Modus Operandi

8Base exfiltrates data for double extortion and uses advanced security evasion techniques. They have been known to modify Windows Defender Firewall to bypass it. The group primarily uses a customized Phobos ransomware variant together with SmokeLoader for their attacks, and deletes Volume Shadow Copies (VSS) so that victims cannot roll back the encryption.
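The two host-side behaviours named above (firewall tampering and shadow copy deletion) can be hunted for in process-creation logs. The following is an added example, not part of the original report: the command-line patterns are assumptions based on standard Windows utilities that perform these actions, not commands the report attributes to 8Base, and the host names and log records are constructed.

```python
import re
from collections import defaultdict

# Assumed patterns: built-in Windows tools that delete shadow copies or
# switch the firewall off. The report itself names no specific commands.
RULES = {
    "vss_deletion": [
        re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
        re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    ],
    "firewall_tampering": [
        re.compile(r"\bnetsh(\.exe)?\b.*\badvfirewall\b.*\bstate\s+off\b", re.I),
        re.compile(r"\bnetsh(\.exe)?\b.*\bfirewall\b.*\bopmode\b.*\bdisable\b", re.I),
    ],
}

def normalize(cmdline):
    """Undo trivial cmd.exe obfuscation: carets, quotes, repeated whitespace."""
    return re.sub(r"\s+", " ", cmdline.replace("^", "").replace('"', "")).strip()

def match_rules(cmdline):
    """Return the sorted rule names whose patterns match one command line."""
    text = normalize(cmdline)
    return sorted(name for name, pats in RULES.items()
                  if any(p.search(text) for p in pats))

def triage(events):
    """Group hits by host; a host showing both behaviours is rated 'high'."""
    seen = defaultdict(set)
    for ev in events:
        seen[ev["host"]].update(match_rules(ev["cmdline"]))
    return {host: ("high" if len(rules) == len(RULES) else "medium")
            for host, rules in seen.items() if rules}

# Constructed process-creation records (fields as in event 4688 / Sysmon 1).
SAMPLE_EVENTS = [
    {"host": "WS-01", "cmdline": "netsh advfirewall set currentprofile state off"},
    {"host": "WS-01", "cmdline": r'"C:\Windows\System32\vssadmin.exe" delete shadows /all /quiet'},
    {"host": "WS-02", "cmdline": "wmic shadowcopy delete /nointeractive"},
    {"host": "WS-03", "cmdline": "vssadmin list shadows"},               # benign query
    {"host": "WS-03", "cmdline": "netsh advfirewall show allprofiles"},  # benign query
    {"host": "WS-04", "cmdline": "vss^admin  del^ete shadows /all"},     # caret-obfuscated
]

if __name__ == "__main__":
    for host, severity in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, severity)
```

Backup agents and administrators also delete shadow copies legitimately, so a single "medium" hit is a lead to review against the parent process and account rather than a verdict.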

Targets and Tactics

8Base focuses on Windows targets and tends to target organizations in Business Services, Manufacturing, Financial, and Information Technology sectors. They do not appear to have a RaaS program but instead choose victims opportunistically. The group uses a "name and shame" tactic via their leaks site to compel payment of ransom demands.
