Mount Everest, considered the highest point on Earth at 29,035 feet, is in the Himalayas. Each year tens of thousands of tourists venture to the area, taking in the beautiful landscape, exploring the majestic surroundings, and trekking the mountainous routes. Often driven by an innate need to push physical, mental, and/or spiritual boundaries, hundreds of extreme challenge-seekers each year set out with the goal of summiting the mighty mountain. However, even with the serious (and deadly) physical costs aside, booking a professionally led and guided trip can come with a price tag of between $35,000.00 and $45,000.00.

But ever since late 2020, there has been another costly “Everest”, financially impacting thousands of people much closer to home. The Everest I’m referring to is the Russian-speaking Everest ransomware group. The Everest ransomware group started out as a data exfiltration gang, then shifted its focus to operating as a ransomware dealer, and is now increasingly specializing as an Initial Access Broker. An Initial Access Broker is the cybersecurity term for criminals who sell backdoor access into organizations to other cybercriminals, but do not carry out the attack themselves.
Victims of the Everest ransomware group include organizations within the health industry, financial institutions, and those within the government sector. Examples of high-profile targets include AT&T and NASA.
According to recent data gathered by the Thirtyseven4 EDR Security ThreatLab team, the Everest ransomware group (alarmingly!) appears to have shifted its focus and coordinated its efforts toward the educational market, where the group claims to hold password access for administrative staff, network admins, faculty, students and more, and threatens to release it on the dark web.
Are you in the Educational sector? Are you concerned about the Everest ransomware group?
We should be.
The Multi-State Information Sharing and Analysis Center (MS-ISAC) recently sent out an alert regarding the Everest ransomware group selling access to “all school networks”. The Everest ransomware infects hosts through phishing, exploit kits, vulnerable RDP sessions and malicious downloads, and the best defense against Everest is an excellent offense.
Customers of Thirtyseven4 EDR Security are fully protected against the Everest ransomware and its variations.