A fisheries management organization for the East Coast is dealing with a cyber incident following claims by a ransomware gang that it stole data. 

The Atlantic States Marine Fisheries Commission (ASMFC) — an 80-year-old organization created by Congress and made up of officials from the Atlantic coast states — said this week that its email system is down.

The organization was forced to create a temporary email address and provide a phone number people can use to contact the information. 

Tina Berger, director of communications for ASMFC, told Recorded Future News that they are currently “responding to a cyber incident affecting our systems” but did not respond to further questions about whether they are dealing with a ransomware attack. 

A screenshot of the organization's website on Tuesday.

On Monday, the 8Base ransomware gang added the organization to its leak site, giving officials four days to pay an undisclosed ransom. 

The group claimed it stole invoices, personal data, contracts and more. 

The ASMFC coordinates the conservation and management of nearshore fish species, as well as habitat conservation efforts and law enforcement initiatives. 

Its website hosts a trove of fisheries management data and an archive of documents related to the body’s work.

A similar U.S. government commission tasked with managing the lake and river systems along the border between the U.S. and Canada was attacked by another ransomware gang in September. 

8Base is a relatively new ransomware gang that ramped up its activity in the summer of 2023. Researchers from VMware said last year that while the group was new, its speed and efficiency “do not indicate the start of a new group but rather signify the continuation of a well-established mature organization.”

VMware found deep ties between 8Base and RansomHouse — a platform cybercriminals use to sell stolen data and extort victims. The researchers also found similarities between 8Base and the Phobos ransomware. 

“Given the nature of the beast that is 8Base, we can only speculate at this time that they are using several different types of ransomware – either as earlier variants or as part of their normal operating procedures,” VMware said. 

“What we do know is that this group is highly active and targets smaller businesses. Whether 8Base is an offshoot of Phobos or RansomHouse remains to be seen.” 

The group has previously been implicated in attacks on a Canadian agency that administers dental benefit plans for disabled people in Alberta. 

A new report on ransomware attacks targeting the agriculture industry found that 8Base was one of the most prolific groups targeting the sector.