The gang behind the Everest ransomware claims to have penetrated the Brazilian government network and stolen government data.
According to DarkTracer, which provides information about the cybercriminals’ activities, the group has announced that it has over 3 TB of data and is selling access to the system to third parties.
So far, there are no further details on how the attack would have occurred, whether the GOV BR system was affected, and what data would have been collected.
The government has not confirmed the recent hacking. TecMundo has reached out to the Special Secretariat for Social Communications for information on the allegations but has not yet received a response.
[ALERT] Everest ransomware gang has announced "GOV Brazil" on the victim list. pic.twitter.com/N5i0LL6K5W
— Fusion Intelligence Center @ StealthMole (@stealthmole_int) August 30, 2022
WHO IS THE EVEREST GANG?
The Everest Gang is active in the ransomware segment and has gained notoriety for its “business model.”
According to Bleeping Computer, the group not only hacks systems but usually sells access to the infiltrated networks, making the intrusion even more dangerous.
After collecting and encrypting customer data, the group gives the victim time to pay the ransom. If this does not happen, the hacker group offers the credentials for sale on the dark web.
By trading access to a network, the Everest group allows other hackers to access the information they have obtained.
In other words, the victim – in this case, the government – has to deal with one attack and may also have to protect the network from multiple seizures.
RANSOMWARE AS A SERVICE
The strategy of the group behind the Everest malware is a trend in the security industry.
Nowadays, hacking organizations are even acting like businesses and going beyond just hacking to make more money.
“Groups that used to be known mostly for bank fraud (banking Trojans) have moved on to ransomware activities in recent months, which is now a much more lucrative market,” explains Jeferson Propheta of Crowdstrike.
“We have observed that a large portion of recent ransomware attacks involve exfiltration of data in addition to the actual data theft to increase costs to the victim and capitalize on the sale of data when the demand for data theft is not paid,” the cybersecurity expert points out.