Everest ransomware group’s Tor leak site goes offline following a defacement – Source: securityaffairs.com

The Tor leak site of the Everest ransomware group, a notorious cybercriminal organization, was hacked and defaced over the weekend. The darknet site, which the group used to list its victims and share information, went offline after the attack.

The defacement replaced the victim listings with a message that read, “Don’t do crime CRIME IS BAD xoxo from Prague.” After the defacement, the site went down completely and remains offline. No threat actor has claimed responsibility for the incident, leading to speculation that it could be an exit scam orchestrated by the group itself.

The Everest ransomware group has been operating since 2020, initially focusing on data theft extortion before transitioning to ransomware attacks and offering initial access brokerage services. Over the years, they have listed more than 200 victims on their dark web leak site, including prominent entities like the US marijuana dispensary STIIIZY.

In August 2024, the U.S. Department of Health and Human Services issued a warning about the increasing targeting of healthcare organizations in the country by the Everest ransomware group. The threat actor profile issued by the department highlighted the group’s tactics, stating that they leverage common publicly available tools in their attacks and often gain initial access through various remote access methods. The ransomware strain associated with the group was also previously linked to a Russia-based operation.

The defacement and subsequent outage of the Everest ransomware group’s Tor leak site mark a significant blow to their operations, potentially disrupting their ability to communicate with victims and carry out further attacks. This incident serves as a reminder of the persistent threat posed by cybercriminal groups like Everest and the need for robust cybersecurity measures to protect against such attacks.
