Costa Edutainment SpA Targeted by 8Base Ransomware Group

Incident Date:

May 13, 2024

World map

Overview

Title

Costa Edutainment SpA Targeted by 8Base Ransomware Group

Victim

Costa Edutainment SpA

Attacker

8base

Location

Genova, Italy

, Italy

First Reported

May 13, 2024

Ransomware Attack on Costa Edutainment SpA by 8Base

Victim Overview

Costa Edutainment SpA, headquartered in Genova, Italy, specializes in operating aquariums, theme parks, and various entertainment venues with a strong focus on educational and interactive experiences for visitors of all ages. Their unique value proposition lies in seamlessly integrating culture, science, education, performance, emotion, and amusement into unforgettable experiences. As leaders in the industry of botanical gardens, zoos, and nature reserves, Costa Edutainment SpA provides a holistic approach to entertainment, enriching the minds of its patrons while providing enjoyment.

Company Vulnerabilities

The company was targeted by the 8Base ransomware group, known for its aggressive tactics and double-extortion methods. The company's vulnerabilities likely stem from the sensitive nature of the data they handle, including personal information, accounting documents, and more.

Attack Overview

The cyberattack on Costa Edutainment SpA led to the exposure of various confidential data, such as invoices, receipts, personal files, and more. The leaked data was fully published, indicating a significant breach of security.

Ransomware Group: 8Base

The 8Base ransomware group has gained notoriety for its aggressive tactics and double-extortion methods. They utilize ransomware strains like Phobos and target small to medium-sized businesses across various sectors. 8Base likely penetrated Costa Edutainment SpA's systems through phishing emails, exploit kits, or drive-by downloads. The use of double-extortion tactics adds pressure on victims to pay the ransom.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.