Introduction to the Incident

A recent hacking incident has been reported by TechCrunch, involving the Everest ransomware gang. The gang’s leak site, which is used to publish stolen files for extortion purposes, was hacked and defaced over the weekend.

Details of the Hack

The leak site, utilized by the ransomware gang to extort victims by publishing their stolen data, displayed a brief text note after the hack: "Don’t do crime CRIME IS BAD xoxo from Prague." This message was still visible at the time of writing, indicating that the site remained defaced. However, it is unclear whether the gang experienced a data breach as a result of this incident.

Visual Evidence

A screenshot from the Everest ransomware gang’s dark web leak site shows the defacement message. The image, provided by TechCrunch, serves as visual evidence of the hack.

Background on the Everest Ransomware Gang

Everest is a Russia-linked ransomware gang known for its prolific hacking activities, including multiple data breaches since its inception in 2020. One notable incident involved the theft of more than 420,000 customers’ data from the cannabis retail chain Stiizy. The U.S. government has attributed several hacks to Everest, including breaches at NASA and the Brazilian government.

Trend in Ransomware Attacks

Ransomware and extortion attacks are on the rise. However, recent data indicates that the number of victim payments to hackers decreased overall during 2024, as more businesses refused to pay hefty ransoms. This shift suggests a potential change in how victims are responding to ransomware attacks.

Law Enforcement Efforts and Internal Sabotage

While law enforcement operations have targeted and disrupted some ransomware gangs, including LockBit and Radar hacking groups, several gangs have also experienced damaging leaks and sabotage from within. This internal strife and external pressure may impact the operations and strategies of these ransomware groups.

In conclusion, the hacking and defacement of the Everest ransomware gang’s leak site represent a significant incident in the ongoing battle against cybercrime. As ransomware attacks continue to evolve, understanding the dynamics of these incidents is crucial for developing effective countermeasures.