Ransomware on the Move: LockBit, Hunters International, 8Base, WereWolves


February 27, 2024

World map

Halcyon publishes a quarterly RaaS and data extortion group reference guide, Power Rankings: Ransomware Malicious Quartile. Here's the ransomware gangs on the move last week:


The venerable insurance brokerage firm, Bucher & Strauss, found itself in the crosshairs of the infamous LockBit ransomware group. While details of the attack remain scant, the incident serves as a stark reminder of the indiscriminate nature of ransomware assaults on enterprises irrespective of their stature.

LockBit's brazen resilience was on full display when authorities disrupted its infrastructure on February 19, only to witness the group's swift resurgence less than a week later.  

Emboldened by their ability to evade law enforcement actions, LockBit has vowed to intensify attacks on the public sector, signaling a dire escalation in their nefarious activities.

Since its inception in 2019, LockBit has distinguished itself as the most prolific Ransomware-as-a-Service (RaaS) gang, leveraging advanced encryption techniques and innovative tactics to extort exorbitant ransoms from targeted entities.  

Notably, LockBit's modus operandi encompasses not only file encryption but also data exfiltration, amplifying the stakes for victim organizations. Their audacious demands, exceeding $50 million in some cases, underscore the gravity of the threat posed by this sophisticated cyber syndicate.

Hunters International

The Hunters International ransomware group continues its spree of attacks, targeting a diverse array of organizations spanning multiple sectors and geographies.  

Last week’s victims included Schuster Trucking Company, BS&B Safety Systems, Ayuntamiento de Teo, Wapiti Energy, Griffin Dewatering, the Chicago Zoological Society, Tiete Automobile, and Greater Napanee.  

With each attack, Hunters International leaves a trail of disruption and uncertainty, compelling affected organizations to grapple with the devastating aftermath of data breaches and extortion demands.

The sophistication exhibited by Hunters International, coupled with their penchant for double extortion tactics, underscores the evolving threat landscape faced by businesses worldwide.  

By exfiltrating sensitive data before encrypting files, the group amplifies the financial and reputational repercussions for victims, reinforcing the imperative for robust cybersecurity measures.


Marching onto the ransomware battleground, the 8Base ransomware group has swiftly carved a niche for itself as a formidable adversary to organizations across diverse sectors.  

With a surge in activity observed since its emergence in 2022, 8Base has demonstrated a penchant for targeting businesses in the manufacturing, construction, and business services domains.  

Employing sophisticated evasion techniques and leveraging customized ransomware payloads, the group poses a significant challenge to cybersecurity professionals tasked with mitigating ransomware risks.

Despite lacking a signature ransomware strain or a public RaaS platform, 8Base's operational agility and strategic targeting highlight the adaptability and resilience of modern cybercriminal syndicates.  

Their propensity for double extortion and the strategic leaking of compromised data underscores the need for proactive defense mechanisms to thwart ransomware incursions effectively.


David's Bridal suffered a ransomware attack by the newcomer WereWolves ransomware group. The impact is unclear, and the company is keeping silent.  

David's Bridal is a clothing store in the United States that specializes in wedding dresses, bridesmaid dresses, prom and homecoming dresses, quinceañera dresses, flower girl dresses, and other formal wear. It also does alterations.  

Emerging in May 2023, the WereWolves ransomware group has quickly made its mark on the cyber threat landscape.  

With a penchant for utilizing variants of the LockBit ransomware and adopting a jovial approach to recruitment and propaganda, WereWolves represent a unique breed of cybercriminals.  

Their indiscriminate targeting strategy, coupled with double extortion tactics, signals a troubling escalation in ransomware tactics, underscoring the imperative for heightened vigilance and preparedness among organizations worldwide.

Halcyon.ai is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.