Ransomware Attack on Embellir: A Cybersecurity Breach by 8Base

Incident Date:

May 20, 2024

World map

Overview

Title

Ransomware Attack on Embellir: A Cybersecurity Breach by 8Base

Victim

Embellir

Attacker

8base

Location

Villandry, France

, France

First Reported

May 20, 2024

Ransomware Attack on Embellir by 8Base

Victim Overview

Embellir, a French company operating in the retail sector, was targeted by the cybercrime group 8Base in a ransomware attack. The company's website, embellir.fr, offers beauty and cosmetic products for sale, catering to customers looking to enhance their appearance. Embellir has locations in several countries, with varying legal entities registered in England, Switzerland, and Australia.

Company Profile

Embellir stands out in the beauty industry as a provider of a wide range of skincare, makeup, haircare, and other beauty products. The company's size ranges from 11-50 employees, with headquarters in Memphis, Tennessee. Despite having multiple entities, specific details about the revenue or standout features of the company matching embellir.fr are not readily available.

Attack Details

During the ransomware attack, 8Base did not make a ransom demand but exfiltrated sensitive data from Embellir. The stolen information includes accounting documents, certificates, confidentiality agreements, employment contracts, invoices, personal data, personal files, receipts, and other critical data. This breach exposed a vast amount of the company's private information, posing a significant threat to its operations and reputation.

Ransomware Group 8Base

8Base is a ransomware group known for its aggressive tactics and double-extortion strategy. They encrypt victims' files and threaten to release stolen data if the ransom is not paid. The group primarily targets small and medium-sized businesses across various sectors, using ransomware strains like Phobos customized with a ".8base" extension. 8Base has gained notoriety for its rapid rise in activities and similarities to other ransomware groups like RansomHouse.

Penetration and Vulnerabilities

It is believed that 8Base penetrated Embellir's systems through phishing emails, exploit kits, or drive-by downloads. The company's vulnerabilities may have stemmed from inadequate cybersecurity measures, lack of employee training on cyber threats, or outdated software systems. The exposure of sensitive data highlights the importance of robust cybersecurity protocols to prevent future attacks.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.