Last Tuesday (30), the group behind the Everest ransomware announced that it is selling data collected in an attack against the Brazilian government. In this way, the team is making available on the dark web a package of information related to the Gov.br system, which includes 3 TB of data and access accounts.

Selling stolen data

Journalist Felipe Payão, from TecMundo, released a print, where cybercriminals are selling the package of stolen information for US$ 85 thousand, about R$ 445 thousand. Thus, payment can be made in Bitcoin or Monero cryptocurrencies.

Brazil’s government system was infected with Everest ransomware on Tuesday (30). The impact also included an access that serves more than 5 million people. 3 TB were collected and now we have some details about the cybercriminal group behind the ransom👇 pic.twitter.com/2ei2cIB59N — Felipe Payao (@felipepayao) September 1, 2022

According to information released by the hacker group, the data can be acquired in a single package. In addition to the Gov.br system access accounts and 3 TB of data, the package also includes VPN logins, credentials and RDP (remote desktop protocol) connections.

TecMundo contacted the Special Secretariat for Social Communication (Secom). However, the folder has not officially commented on the publication made by cybercriminals. Furthermore, on the 30th, Secom told the site that it had not found any evidence of an attack.

Ransomware as a Service

According to TecMundo, the Everest group is famous in the ransomware segment and has gained space in the cybersecurity scenario. They seize victim information and, if ransom is not paid, attacks include selling access credentials.

Although there is no confirmation from the government regarding the attack, the movement of the hacker group indicates that an action against the government has indeed taken place. Due to Everest’s fame in the hacking scene, it is quite unlikely that the group is selling false information, as it would damage the team’s reputation.

It is worth mentioning that the team of cybercriminals has attacked the government before. For, in August 2021, the hacking team was held responsible for actions carried out against the Ministry of Economy.

Image: Postmodern Studio / Shutterstock.com