The Threat of 8Base Ransomware: A Case Study on Calumet Civil Contractors
Incident Date: May 2, 2024
Overview
Victim: Calumet Civil Contractors, Inc.
Attacker: 8base
Location
First Reported: May 2, 2024
Ransomware Attack on Calumet Civil Contractors by 8Base Group
Company Profile
Calumet Civil Contractors, Inc., based in Indiana, is a prominent player in the construction sector, specializing in road resurfacing and infrastructure maintenance. The company is known for its commitment to delivering high-quality services, as evidenced by its involvement in significant projects like the $6,568,000 bid for an Indiana Department of Transportation project. Although the company does not disclose specific revenue figures, its role as a planholder for state-level projects underscores its substantial operational scale and financial involvement in public infrastructure.
Details of the Ransomware Attack
The attack on Calumet Civil Contractors was orchestrated by the 8Base ransomware group, known for its aggressive double-extortion tactics. On May 3, 2024, the group compromised the company's systems, encrypting data and stealing sensitive information related to projects, employees, and clients. The attackers have threatened to release this data unless a ransom is paid, putting significant pressure on the company to comply due to the potential reputational damage.
8Base Ransomware Group Profile
8Base has been active since April 2022 and targets SMBs across various sectors. The group employs a variant of Phobos ransomware, marked by the ".8base" file extension. It is notorious for a method of operation that relies on phishing emails, exploit kits, and drive-by downloads as common attack vectors. The similarity in tactics between 8Base and RansomHouse suggests possible affiliations or shared methodologies, which adds to the group's presence in the threat landscape.
Potential Vulnerabilities and Entry Points
Given the nature of 8Base's known attack vectors, it is plausible that Calumet Civil Contractors fell victim through a phishing scheme or an unpatched software vulnerability. Construction firms like Calumet, while adept at physical engineering projects, may not always prioritize cybersecurity, making them susceptible to such sophisticated cyber-attacks.