Ransomware gang Everest has taken down its dark web leak site following its defacement in a cyberattack over the weekend by still-unknown threat actors, BleepingComputer reports.
Additional details regarding the compromise remain lacking, but Everest's data leak site may have been compromised through the exploitation of a WordPress vulnerability, according to Flare Senior Threat Intelligence Researcher Tammy Harper, who noted the use of a WordPress template for the website. More than 230 organizations have already been breached by Everest, also a known initial access broker, since its emergence five years ago, with major California marijuana dispensary STIIIZY among its latest victims. Everest, which initially focused on data theft alone before eventually integrating ransomware for systems encryption as part of double-extortion attacks, was also reported by the U.S. Department of Health and Human Services to have escalated intrusions aimed at U.S. healthcare providers.