Summary: The Everest ransomware gang’s dark web leak site was hacked by an unknown attacker, who replaced its content with a sarcastic message. Security experts suggest a potential WordPress vulnerability may have facilitated the breach, leading to the current inaccessibility of the leak site. The Everest operation, known for its double-extortion tactics, has been active since 2020, targeting numerous organizations.
Affected: Everest ransomware gang
Keypoints:
- Everest’s leak site was taken offline following a defacement by an unknown attacker.
- The attacker's message sarcastically discouraged crime; security experts suggest the attacker exploited a vulnerability in the site’s WordPress template.
- Everest has evolved from data theft to deploying ransomware and also acts as an initial access broker for other cybercriminals.
- Over the past five years, Everest has amassed over 230 victims through double-extortion attacks.
- Recent targets include STIIIZY and healthcare organizations, underscoring the gang’s broad range of victims.