Kerkstoel Group Faces Major 8Base Ransomware Threat
Incident Date:
October 9, 2024
Overview
Title
Kerkstoel Group Faces Major 8Base Ransomware Threat
Victim
Kerkstoel
Attacker
8base
Location
First Reported
October 9, 2024
Kerkstoel Construction Sector Hit by 8Base Ransomware Attack
The Kerkstoel Group, a prominent player in the European construction industry, has recently fallen victim to a ransomware attack orchestrated by the notorious 8Base group. This attack has compromised a significant amount of sensitive data, including financial documents, personal files, and confidential agreements, highlighting the persistent threat ransomware poses to businesses worldwide.
About Kerkstoel Group
Kerkstoel Group, headquartered in Grobbendonk, Belgium, is renowned for its specialization in precast concrete components and ready-mix concrete. The group operates through key subsidiaries, including Kerkstoel 2000+ and Kerkstoel Beton. Kerkstoel 2000+ is recognized as one of Europe's leading manufacturers of precast concrete products, such as wide slabs and double walls. The company is ISO 9001 certified, emphasizing its commitment to quality and innovation. With approximately 165 employees, Kerkstoel 2000+ is classified as a medium-sized enterprise, known for its flexibility and customer-centric approach.
Details of the Ransomware Attack
The 8Base ransomware group, known for its aggressive double-extortion tactics, claimed responsibility for the attack on Kerkstoel. The breach, made public on September 23rd, involved the exfiltration of sensitive data, including invoice receipts, accounting documents, and employment contracts. Despite the ransom deadline passing on September 30th, the data has not been released, leaving the status of negotiations uncertain. This incident is part of a larger campaign by 8Base, targeting 13 companies across various industries and countries.
Profile of the 8Base Ransomware Group
Emerging in April 2022, the 8Base ransomware group has evolved into a sophisticated operation, employing AES-256 encryption and double extortion tactics. The group typically gains access through phishing emails or compromised credentials sold on the Dark Web. Their distinct communication style mimics legitimate penetration testing firms, adding pressure on victims to comply with ransom demands. 8Base has targeted numerous sectors, including finance, healthcare, and manufacturing, with a significant concentration of victims in the United States and Europe.
Potential Vulnerabilities
Kerkstoel's reliance on advanced technology and digital systems for its operations may have made it vulnerable to cyber threats. The construction sector, often perceived as less technologically advanced, can be an attractive target for ransomware groups seeking to exploit potential security gaps. The attack on Kerkstoel underscores the importance of effective cybersecurity measures to protect sensitive data and maintain operational integrity.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.