Wasserkraft Volk AG: Targeted by 8Base Ransomware Attack

Incident Date:

April 22, 2024

World map

Overview

Title

Wasserkraft Volk AG: Targeted by 8Base Ransomware Attack

Victim

Wasserkraft Volk AG

Attacker

8base

Location

Gutach, Germany

, Germany

First Reported

April 22, 2024

Ransomware Attack on Wasserkraft Volk AG by 8Base Group

Overview of the Attack

Wasserkraft Volk AG, a prominent German hydroelectric power solutions provider, has recently fallen victim to a ransomware attack orchestrated by the notorious cybercriminal group, 8Base. The attack targeted the company's operational website, leading to the encryption and potential theft of critical data including invoices, personal employee information, and sensitive operational documents.

Company Profile

Founded in 1979, Wasserkraft Volk AG specializes in the design, manufacturing, and implementation of hydroelectric power stations. Known for its sustainable practices, the company operates a CO2-neutral factory and has a significant presence in over 50 countries, with an installed capacity exceeding 1.4 million kW. The company prides itself on its vertical integration, producing both turbines and generators, which allows for rapid adaptation to market innovations and trends.

Targeting and Vulnerabilities

The choice of Wasserkraft Volk AG as a target by 8Base could be attributed to several factors. Firstly, the company's extensive global footprint and its significant digital infrastructure make it a lucrative target for ransomware attacks. Additionally, as a leader in a highly specialized and critical sector, the disruption of its operations could pressure the company to comply with ransom demands to swiftly restore services and maintain customer trust.

Ransomware Group Details

8Base has been active since early 2022 and is known for its aggressive double-extortion tactics. This group not only encrypts the victim’s data but also exfiltrates it, threatening to release the information publicly if their demands are not met. The group predominantly targets SMBs across various sectors, utilizing Phobos ransomware variant marked by the ".8base" file extension.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.