Everest Ransomware Announces a New Victim
Veteran Everest ransomware infiltrated US-based Crimson Engineering, managing to seize an undisclosed amount of confidential data. According to the hackers’ post, the victim has 24 hours available to contact them for negotiations.
- Everest is a cybercriminal organization that appeared in 2020, but not much else is known about it
- The cybercriminal gang has gained a reputation as highly dangerous and unforgiving during negotiations
- The hackers also appear to not care about the outcome of the negotiations, as they often publish the stolen data anyway
- This explains why so many victims prefer to ignore the calls to negotiations and instead deal with the situation on their own
Ransomware attacks have been on the rise lately, despite the FBI’s efforts to dismantle some of the biggest names in the business. Lockbit is the most well-known one who got targeted by the FBI in February of this year. Unfortunately, the operation failed.
Lockbit resumed its normal business and became even more aggressive after the event. Everest hasn’t faced any opposition from law enforcement, despite being active for close to 4 years. Part of that could be due to the gang’s low level of activity.
According to the available data, Everest relies on the double extortion method to maximize their leverage during negotiations. The hackers both encrypt the victim’s files and system and download as much sensitive data as possible.
The victim then has to negotiate for both the decryption key and the deletion of the stolen data. Which, as many have pointed out, often backfires unexpectedly.
Our Mission
We believe security online security matters and its our mission to make it a safer place.
How Everest Ransomware Operates
On the surface, Everest ransomware is much like any other standard ransomware actor. They use similar MOs like phishing mail and infected links, steal data, encrypt the victim’s system, and demand sometimes outrageous ransoms.
However, Everest is different in one aspect: honesty. In the sense that it pretty much lacks it. It may sound like a stretch to expect honesty from a gang of cybercriminals, but that’s the actual expectation in the market.
No victim would ever pay the ransom if the hackers wouldn’t keep their word to deliver the decryption key and delete the data. Which is why the vast majority of hackers do.
Everest typically doesn’t. While Everest hackers will provide the victim with the decryption key, they will also do everything in their power to maximize their profits. This typically comes down to 2 things.
First is that the hackers usually leave a “door” open into the victim’s system, which allows them to access it again at a later time. Secondly, Everest often sells not only the stolen data, but even the information regarding the access gate to the victim’s system.
This will then lead to additional breaches, sometimes even months after the original event. It’s for this reason most grade Everest as not trustworthy and why experts stress the importance of solid cyber defenses.
If you have known vulnerabilities in your system, you want to fix them as soon as possible. Especially if you qualify as a potential victim.