Volkswagen confirms security ‘incident’ amid ransomware breach claims
The 8Base group claims to have accessed sensitive Volkswagen data, but the company insists no IT systems have been impacted
Ransomware group 8Base has claimed responsibility for an attack on Volkswagen Group in which it claims to have stolen sensitive data.
Data stolen in the attack allegedly includes invoices, receipts, accounting documents, personal employee files, employment contracts, certificates, personnel records, and numerous confidentiality agreements.
According to 8Base, the attack took place in September 2024, meaning the group has been sitting on a batch of data for more than a year.
Volkswagen has confirmed that a security “incident” occurred, but has so far been tight-lipped on the scope of the incident and whether data has been stolen.
In a statement given to Cybersecurity News, the car manufacturer said there has been no impact on its IT systems, possibly indicating the compromise occurred through a third-party supplier or subsidiary.
Who’s behind the Volkswagen attack?
8Base is a relative newcomer to the threat landscape, having burst onto the scene in 2023. The group is believed to be an offshoot of the Phobos ransomware group, and has reportedly targeted more than 1,000 organizations since forming, netting a total of $16 million in ransom payments.
Often gaining initial access via phishing campaigns or buying credentials on the dark web, the group relies mainly on a strategy of double extortion, encrypting victims' data and threatening to publish stolen information unless a ransom is paid.
Earlier this year, four Russian nationals were arrested in Thailand for alleged involvement in the group, following a joint police operation by 14 countries. The law enforcement sting saw 27 servers linked to the group seized and taken offline.
If confirmed, the Volkswagen attack may represent a change in strategy for the group. Threat intelligence from Europol shows 8Base has tended to focus mainly on small to medium-sized businesses, which often lack the cybersecurity defences to protect themselves.
Previous victims are believed to include a children’s hospital, health care providers, and educational institutions.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- Ransomware victims are refusing to play ball with hackers
- The number of ransomware groups rockets as new players emerge
- The top ransomware trends for businesses in 2025
-
Post-cloud strategy: Architecting the next enterprise stackAs enterprises rethink their dependence on hyperscale, hybrid architectures are emerging as the new foundation for resilient, AI-ready infrastructure
-
Anthropic just launched Claude Fable 5, its first Mythos-class AI modelNews The launch of Claude Fable 5 marks the first public release of a Mythos-class AI model
-
Ransomware cartels are fragmenting into volatile splinter groups, warns Met Police cyber chiefNews Commoditized "cyber crime bazaars" and AI data mining are forcing law enforcement to rewrite its playbook
-
New ransomware threat group, The Gentlemen, has become one of the most active ransomware operators, accounting for 10% of all attacksNews NTT researchers warn that the RaaS group is leveraging SystemBC malware to establish covert tunnelling, evade detection, and support rapid lateral movement across enterprise environments
-
Instructure chose to a pay ransom following the Canvas cyber attack – research shows more than half of security leaders would follow suitAnalysis Opting to pay ransoms creates huge risks for enterprises – you’re relying on the word of criminals
-
Ransomware negotiator sentenced for role in major cyber crime groupNews Deniss Zolotarjovs was a key player in a group associated with Conti
-
Threat actors ditch ‘spray and pray’ attacks in shift to targeted exploitationNews A dip in ransomware volumes points to a more targeted approach focused on vulnerability exploitation
-
Security leaders overconfident about ransomware recovery
News Few manage to recover all their data, and many experience business disruption
-
German authorities want your help finding the hackers behind GandCrab and REvilNews Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk are believed to have made millions from ransomware as a service schemes
-
The rise of teen hackers ‘makes for a good headline’, but cyber crime activities peak later in life
News With family responsibilities and mortgages to pay, it's not teenagers dishing out malware or carrying out cyber extortion
