8Base ransomware operators use a variant of Phobos ransomware

Operators of the 8Base ransomware are using a new variant of the Phobos ransomware in their attacks. The 8Base group has been active since 2023 and predominantly targets small and medium-sized businesses in the US and Brazil. The new variant has numerous features allowing quicker encryption, backup removal, and system persistence. The use of hardcoded keys and different keys for each encrypted file makes decryption difficult.