In June 2023, Lysander Shipping, a Denmark-based global shipping company, suffered a ransomware attack executed by the 8BASE cybercriminal group. The attackers employed a double extortion strategy, exfiltrating sensitive corporate data before encrypting the company’s systems. The stolen data included critical financial and operational documents such as invoices, internal records, bank statements, and financial files. The 8BASE group threatened to publicly leak the compromised data on July 3, 2023, unless a ransom was paid. The incident was publicly disclosed by RedPacket Security on June 26, 2023.The attack disrupted Lysander Shipping’s operations, risking financial losses, reputational damage, and potential regulatory penalties due to the exposure of confidential business and financial information. The breach also posed a broader threat to the company’s supply chain partners and clients, given the sensitivity of the leaked documents. While the article does not specify whether the ransom was paid or if the data was ultimately published, the attack underscored the vulnerability of maritime logistics firms to targeted ransomware campaigns, particularly those leveraging data theft as leverage for extortion.
Source: https://www.redpacketsecurity.com/8base-ransomware-victim-lysander-shipping/
TPRM report: https://www.rankiteo.com/company/lysander-shipping-a-s
"id": "lys250092125",
"linkid": "lysander-shipping-a-s",
"type": "Ransomware",
"date": "6/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'Shipping/Logistics',
'location': 'Denmark',
'name': 'Lysander Shipping',
'type': 'Private Company'},
{'industry': 'Healthcare',
'location': 'India',
'name': 'Clear Medi Healthcare',
'size': 'Small/Medium'},
{'industry': 'Manufacturing/Construction',
'location': 'Tunisia',
'name': 'Job-Sa Beton',
'size': 'Small/Medium'},
{'industry': 'Manufacturing',
'location': 'Italy',
'name': 'Pneumax',
'size': 'Small/Medium'},
{'industry': 'Legal Services',
'location': 'Italy',
'name': 'Legalilavoro',
'size': 'Small/Medium'}],
'data_breach': {'data_encryption': True,
'data_exfiltration': True,
'file_types_exposed': ['invoices',
'internal documents',
'bank documents',
'financial records'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['financial',
'corporate',
'legal']},
'date_detected': '2023-06-01',
'date_publicly_disclosed': '2023-06-26',
'description': 'In June 2023, Lysander Shipping, a Denmark-based global '
'shipping company, fell victim to a ransomware attack by the '
'8BASE group. The cybercriminal gang, active since April 2022, '
'employs a double extortion tactic, first stealing and then '
'encrypting data. They threatened to publish the stolen data '
'on July 3, 2023, if the ransom was not paid. The stolen data '
'included sensitive files such as invoices, internal '
'documents, bank documents, and financial records.',
'impact': {'brand_reputation_impact': 'High (Threat of Public Data Leak)',
'data_compromised': ['invoices',
'internal documents',
'bank documents',
'financial records'],
'payment_information_risk': 'High (Bank Documents Compromised)'},
'initial_access_broker': {'high_value_targets': ['financial records',
'internal documents']},
'motivation': 'Financial (Double Extortion: Data Theft + Encryption)',
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransomware_strain': '8BASE'},
'references': [{'date_accessed': '2023-06-26',
'source': 'RedPacket Security'}],
'response': {'third_party_assistance': ['RedPacket Security (Reporting)']},
'threat_actor': '8BASE',
'title': 'Ransomware Attack on Lysander Shipping by 8BASE Group',
'type': 'Ransomware Attack'}