Web developer for 8Base ransomware identified
Ransomware gang appeared in March 2023 and already claims a number of victims.
A study published on September 18, 2023, by US cyber expert Brian Krebs identifies one of the developers of the “name and shame” website run by the ransomware group 8Base. The dark web platform lists hundreds of ransomware victims that refuse to pay the ransom.
However, the cybercriminals slipped up when they uploaded the site in development mode instead of production mode. An inappropriate request would therefore generate an error page with a link to the GitLab repository for part of the website’s source code. The repository led investigators all the way to its creator, 36-year-old Moldovan national Andrei Kolev.
When questioned, the suspect denied any involvement in developing the cybercriminal website. Yet afterward, the link to the GitLab repository disappeared from the error page.
“Ransomware groups are known for remote-hiring developers for specific projects without divulging precisely who they are or how the new employee’s code will be used, and it is possible one of Mr. Kolev’s clients is only a façade for 8Base,” explained Brian Krebs in his study.
Online since March of 2023, 8Base remains very mysterious, despite a peak in activity in June 2023, according to a VMware analysis. “8Base is an opportunistic model that compromises victims from a wide variety of areas. Despite the high number of cyberattacks, the identities, methods and motives behind them remain a mystery,” explains VMware.