The gang behind the Everest ransomware claims that it invaded Brazil’s government network and stole government data. According to DarkTracer, which reports updates on cybercriminals’ movements, the group announced that it has 3 TB of data and is selling access to the system to third parties.
So far, there are no further details on how the alleged attack occurred, whether the GOV BR system was affected, or what data was collected. The government has not confirmed any recent hacker intrusions. TecMundo contacted the Special Secretariat for Social Communication in search of information about the allegations, but has not yet received a response.
[ALERT] Everest ransomware gang has announced “GOV Brazil” on the victim list. pic.twitter.com/N5i0LL6K5W
— DarkTracer : DarkWeb Criminal Intelligence (@darktracer_int) August 30, 2022
Who is the Everest Gang?
The Everest gang is very active in the ransomware industry and has gained prominence because of its “business model”. According to Bleeping Computer, in addition to invading systems, the group usually sells access to compromised networks, which can make the intrusion even more harmful.
After collecting and encrypting customer data, the group gives the victim time to pay the ransom. If the victim does not pay, the gang puts the access credentials up for sale on the dark web.
By commercializing access to a network, the Everest group allows more hackers to gain access to the information obtained. That is, instead of dealing with just one intrusion, the victim — in this case the government — may have to protect the network from multiple attacks simultaneously.
Ransomware as a Service
The strategy adopted by the group behind the Everest malware is a trend in the security industry. Currently, hacker organizations go so far as to act like companies and go beyond simple intrusion to make more money.
“Groups that were formerly known for banking fraud (banking Trojans) have migrated in recent months to ransomware activities, today a much more lucrative market,” explains Jeferson Propheta, from CrowdStrike.
“In addition to the data hijacking attack itself, we have observed that most recent ransomware attacks are accompanied by data exfiltration in order to increase the cost to the victim and also to capitalize on the sale of data, if the demand for the hijacking of data is not paid,” emphasizes the cybersecurity expert.