8Base Group Strikes SOA Architecture with Ransomware Attack

Incident Date:

April 15, 2024

World map



8Base Group Strikes SOA Architecture with Ransomware Attack


SOA Architecture




Columbia, USA

Montana, USA

First Reported

April 15, 2024

Ransomware Attack on SOA Architecture by 8Base Group

Attack Overview

SOA Architecture, a Missouri-based architectural firm, has recently fallen victim to a ransomware attack orchestrated by the notorious cybercriminal group, 8Base. The attack was disclosed through 8Base's dark web leak site, indicating a potential breach of sensitive data including financial documents, employee contracts, and personal files.

Company Profile

Founded in 1987, SOA Architecture specializes in integrated design solutions across various sectors such as education, healthcare, and corporate environments. The firm is recognized for its commitment to sustainable design and early adoption of Building Information Modeling (BIM) technologies. With a reported revenue of $4 million in 2023 and a workforce of approximately 15-50 employees, SOA Architecture is a notable player in the mid-Missouri architectural landscape.

Vulnerabilities and Target Profile

The size and industry of SOA Architecture make it a typical target for groups like 8Base, which predominantly attacks small to medium-sized businesses. The firm's reliance on digital technologies such as BIM, coupled with the sensitive nature of architectural data, increases its attractiveness and vulnerability to cybercriminals seeking valuable data for extortion.

Ransomware Group Details

8Base has been active since early 2022, gaining notoriety for its aggressive double-extortion tactics. This group is known for encrypting victim's data and threatening to release it publicly if their ransom demands are not met. The use of Phobos ransomware, customized with a ".8base" file extension, is a hallmark of their operations.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.