Cyber Incident Victim: Atlantic States Marine Fisheries Commission
Date:
Apr 2024
Location:
United States of America
Summary
The Atlantic States Marine Fisheries Commission experienced a cyber incident disrupting its email systems, prompting the organization to establish temporary contact methods. The 8Base ransomware gang claimed responsibility, alleging theft of invoices, personal data, and contracts while issuing a four-day ransom deadline. The group has been linked to other cybercriminal operations like RansomHouse and Phobos ransomware, with a pattern of targeting smaller entities across sectors including agriculture. ASMFC—a congressionally established body managing fisheries conservation and enforcement—confirmed the breach but did not specify if it involved ransomware payments.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The Atlantic States Marine Fisheries Commission (ASMFC) confirmed a cyber incident in early April 2024 after the 8Base ransomware gang listed the organization on its leak site on March 25. The ransomware group claimed to have stolen sensitive data including invoices, personal information, contracts, and other documents, giving ASMFC four days to pay an undisclosed ransom. The commission—a congressionally established body coordinating fisheries management across 15 Atlantic coast states—experienced email system disruptions, forcing staff to establish temporary contact methods including a new email address and phone line for public communications. Director of Communications Tina Berger acknowledged the organization was actively responding to the incident but declined to confirm whether it involved ransomware or provide additional operational details. The attack disrupted access to ASMFC's extensive digital archives containing fisheries management data, conservation documents, and law enforcement records critical to its mission of managing nearshore fish species since 1942.
8Base's intrusion followed a pattern of attacks against North American regulatory bodies, occurring seven months after another U.S.-Canada border water management commission suffered a ransomware attack. Cybersecurity researchers from VMware had previously linked 8Base to established cybercriminal operations like RansomHouse and Phobos ransomware, noting the group's operational maturity despite emerging publicly in mid-2023. The gang specialized in targeting smaller organizations, with prior attacks including a Canadian dental benefits administrator for disabled Albertans and numerous agricultural sector victims. ASMFC's incident response focused on maintaining essential communications while investigating the breach's scope, though the commission did not disclose whether data exfiltration occurred or specify mitigation measures beyond email workarounds. The disruption highlighted vulnerabilities in regional fisheries management infrastructure shortly after researchers identified 8Base as one of the most active ransomware threats to critical support sectors.