Ransomware Attack on Crooker Construction by 8Base

Incident Date: May 20, 2024

Overview

Title: Ransomware Attack on Crooker Construction by 8Base
Victim: Crooker Construction
Attacker: 8Base
Location: Topsham, USA; Maine, USA
First Reported: May 20, 2024

Overview of the Attack

In May 2024, Crooker Construction, a prominent construction company based in Topsham, Maine, fell victim to a ransomware attack orchestrated by the 8Base ransomware group. The attackers exfiltrated a significant amount of sensitive data, including accounting documents, certificates, confidentiality agreements, employment contracts, invoices, personal data, and more. The stolen data has been published on the dark web, with the threat actors leveraging the exposure to coerce a ransom payment from Crooker Construction.

About Crooker Construction

Founded in the mid-1930s, Crooker Construction, LLC is one of Maine's most experienced earthwork, utility, and paving contractors. The company specializes in heavy civil construction, site development, and utility construction services, working on projects such as road construction, bridge building, and utility infrastructure development. Crooker Construction employs approximately 250 people and is recognized for its community involvement, supporting various charitable organizations and programs.

The 8Base Ransomware Group

The 8Base ransomware group has been active since April 2022 and is known for its aggressive double-extortion tactics. This approach not only involves encrypting a victim’s files but also stealing data and threatening to release it publicly if the ransom is not paid. 8Base primarily targets small and medium-sized businesses across various sectors, including business services, finance, manufacturing, and construction.

8Base uses a variant of the Phobos ransomware, often spread through phishing emails, exploit kits, and drive-by downloads. The group has rapidly gained notoriety due to its high attack volume and sophisticated evasion techniques. There is speculation that 8Base is connected to the RansomHouse group, or that it uses the Babuk builder for its ransomware.

Impact and Vulnerabilities

The attack on Crooker Construction highlights the vulnerabilities in the construction sector, which, like many other industries, has increasingly become a target for cybercriminals. The reliance on digital systems for managing projects, financial transactions, and sensitive client data makes these companies attractive targets for ransomware groups.

8Base’s strategy of exfiltrating and publicly leaking data puts a further layer of pressure on victims, aiming to damage their reputation and push them to pay the ransom. This approach underscores the importance of robust cybersecurity measures, including regular updates, employee training, and comprehensive incident response plans, to mitigate the risks posed by such attacks.
