Everest Ransomware Announces a New Victim

By Bogdan Pătru . 28 March 2024

Tech Writer

Fact-Checked this

Veteran Everest ransomware infiltrated US-based Crimson Engineering, managing to seize an undisclosed amount of confidential data. According to the hackers’ post, the victim has 24 hours available to contact them for negotiations.

Everest is a cybercriminal organization that appeared in 2020, but not much else is known about it
The cybercriminal gang has gained a reputation as highly dangerous and unforgiving during negotiations
The hackers also appear to not care about the outcome of the negotiations, as they often publish the stolen data anyway
This explains why so many victims prefer to ignore the calls to negotiations and instead deal with the situation on their own

Ransomware attacks have been on the rise lately, despite the FBI’s efforts to dismantle some of the biggest names in the business. Lockbit is the most well-known one who got targeted by the FBI in February of this year. Unfortunately, the operation failed.

Lockbit resumed its normal business and became even more aggressive after the event. Everest hasn’t faced any opposition from law enforcement, despite being active for close to 4 years. Part of that could be due to the gang’s low level of activity.

X showing the Everest attack on Crimson Engineering — https://twitter.com/FalconFeedsio/status/1772624549823016969

According to the available data, Everest relies on the double extortion method to maximize their leverage during negotiations. The hackers both encrypt the victim’s files and system and download as much sensitive data as possible.

The victim then has to negotiate for both the decryption key and the deletion of the stolen data. Which, as many have pointed out, often backfires unexpectedly.

How Everest Ransomware Operates

On the surface, Everest ransomware is much like any other standard ransomware actor. They use similar MOs like phishing mail and infected links, steal data, encrypt the victim’s system, and demand sometimes outrageous ransoms.

However, Everest is different in one aspect: honesty. In the sense that it pretty much lacks it. It may sound like a stretch to expect honesty from a gang of cybercriminals, but that’s the actual expectation in the market.

No victim would ever pay the ransom if the hackers wouldn’t keep their word to deliver the decryption key and delete the data. Which is why the vast majority of hackers do.

Everest typically doesn’t. While Everest hackers will provide the victim with the decryption key, they will also do everything in their power to maximize their profits. This typically comes down to 2 things.

First is that the hackers usually leave a “door” open into the victim’s system, which allows them to access it again at a later time. Secondly, Everest often sells not only the stolen data, but even the information regarding the access gate to the victim’s system.

This will then lead to additional breaches, sometimes even months after the original event. It’s for this reason most grade Everest as not trustworthy and why experts stress the importance of solid cyber defenses.

If you have known vulnerabilities in your system, you want to fix them as soon as possible. Especially if you qualify as a potential victim.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Author, Creative Writer, and Tech-Geek Bogdan has followed his passion for the digital world ever since he got his hands on his first PC. After years of accumulating knowledge and experience, the good Samaritan in him whispered to him one day about the virtue of sharing that knowledge with those who needed it. It was in 2014 when that idea would grow into a life-defining passion. One that keeps driving him to this day.

Cookie	Duration	Description
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.

Everest Ransomware Announces a New Victim

How Everest Ransomware Operates

Our Mission

Bogdan Pătru

Leave a Comment Cancel