Photo: Murilo Fonseca
Brazil’s largest cooperative financial institution, Sicoob, has become the latest victim of the notorious 8Base ransomware group. The attackers claim to have infiltrated sensitive data from the institution, raising alarm among its more than eight million members and financial industry experts.
Sicoob, renowned for its extensive network of over 4,600 service points throughout Brazil, plays a crucial role in the country’s financial ecosystem. The cooperative offers a comprehensive suite of financial services, including current accounts, investment products, social security plans, and digital payment solutions.
Its prominence as the third-best financial institution in Brazil, according to Forbes ‘Best Banks in the World 2024’ rankings, underscores the potential impact of such a breach.
This is not the first time Sicoob has been in the crosshairs of ransomware operators. In June 2024, the institution fell victim to the RansomHub ransomware group, which claimed to have compromised its data, reports FalconFeeds.
Researchers discovered that the 8Base ransomware group has been active since at least March 2022 although it was first reported in May 2023. The group has targeted organisations focusing on manufacturing, technology, healthcare, transportation, finance, real estate, and legal sectors.
The 8base ransomware uses a double extortion method, meaning it encrypts and steals data. Furthermore, the malware implements various persistence techniques such as modifying firewall rules, disabling recovery mode, and adding persistence to the Windows Registry.
Banks are a prime target for cybercriminals due to their storage of sensitive financial data, which is a goldmine for hackers, as well as various other types of data. The GodFather malware recently targeted over 500 banking and crypto apps in nine countries.
In October 2024, a data breach at the Interbank exposed more than 3.7 TB data of more than three million customers. In India, a ransomware attack targeted C-Edge Technologies Ltd., disrupting operations of more than 300 small cooperative and regional rural banks (RRBs).
In July, the LockBit ransomware group attacked and encrypted the data of the Evolve Bank, leaving the bank’s partners scrambling to conduct internal investigations.
In the News: Taiwan faces over 900,000 Chinese cyberattacks monthly
