Everest ransomware's dark web leak site defaced, now offline

While it's unknown how the attacker gained access to Everest's website, or whether it was hacked at all, some security experts, like Flare Senior Threat Intelligence Researcher Tammy Harper, point to a potential WordPress vulnerability that could have been exploited to deface the ransomware operation's leak site. Over the last 5 years, Everest has added over 230 victims to its dark web leak site, which is used as part of double-extortion attacks where the ransomware gang tries to force its victims' hands into paying ransoms under the threat of releasing files containing sensitive information. The dark web leak site of the Everest ransomware gang was apparently hacked over the weekend by an unknown attacker and is now offline. Since it surfaced in 2020, the Everest ransomware operation has switched tactics from data theft-only corporate extortion to including ransomware in its attacks to encrypt victims' compromised systems. In August 2024, the U.S. Department of Health and Human Services also warned that the Everest ransomware gang was increasingly targeting healthcare organizations across the United States.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 07 Apr 2025 18:35:17 +0000

