Topserve Service Solutions Hit by 8Base Ransomware Attack in 2024

Incident Date: Jun 21, 2024

Attack Overview

VICTIM

Topserve Service Solutions

INDUSTRY

Business Services

LOCATION

Philippines

ATTACKER

8base

FIRST REPORTED

June 21, 2024

Request Removal

Ransomware Attack on Topserve Service Solutions by 8Base Group

Company Profile: Topserve Service Solutions, Inc.

Topserve Service Solutions, Inc., established in 1997 by Alex F. Tanwangco, has grown from a modest team of 35 to over 23,000 employees, providing specialized services across various sectors including aviation, manufacturing, and retail. The company is recognized for its comprehensive service offerings, particularly in preventive and corrective maintenance, which enhance operational efficiency for businesses. Their significant investment in technology to streamline operations marks them as a leader in the business services sector in the Philippines.

Details of the Ransomware Attack

On June 21, 2024, Topserve Service Solutions fell victim to a ransomware attack by the notorious 8Base group. The attack led to the unauthorized access and encryption of critical data including invoices, receipts, and personal employee files. This incident was publicly disclosed by the attackers on June 28, 2024, through their dark web leak site, signaling a severe breach of confidential and operational data.

Profile of the 8Base Ransomware Group

The 8Base group, active since April 2022, targets SMBs with a focus on double-extortion tactics. This method not only involves encrypting the victim’s data but also threatens the release of stolen data if the ransom demands are not met. The group’s use of the Phobos ransomware variant, marked by the ".8base" extension on encrypted files, and their methods of distribution through phishing and exploit kits, highlight their sophisticated approach to cyber extortion.

Potential Vulnerabilities and Attack Vectors

Topserve’s extensive reliance on digital technology for operational efficiency, while beneficial, may also have exposed them to increased cybersecurity risks. The 8Base group likely exploited vulnerabilities in the company’s digital infrastructure, possibly through phishing attacks targeting employees or through unpatched systems, to initiate the ransomware attack.

Sources:

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.