Everest Ransomware Leak Site Hacked and Defaced – Ankor Tech

The leak site operated by the Everest ransomware gang suffered a major security breach this past weekend, resulting in the site being completely defaced. The group, known for publishing stolen files to extort victims, had its primary portal hijacked by unknown actors.

Image: A screenshot from the Everest ransomware gang's dark web leak site, which reads: "Don't do crime CRIME IS BAD xoxo from Prague."

The Message Left Behind

Upon accessing the compromised domain, visitors were no longer met with the usual list of extortion targets. Instead, the hackers replaced the content with a taunting message: “Don’t do crime CRIME IS BAD xoxo from Prague.” As of the latest reports, the site remains defaced, leaving the security community to speculate on whether the attackers also managed to exfiltrate the gang’s internal data during the breach.

Who is the Everest Ransomware Gang?

Everest has established itself as a prolific, Russia-linked threat actor since emerging in 2020. The group is responsible for a string of high-profile cyberattacks, including the massive theft of data involving over 420,000 customers from the cannabis retail chain Stiiizy. Their reach has been significant enough to draw the attention of the U.S. government, which has officially linked the group to breaches targeting NASA and the Brazilian government.

A Shifting Ransomware Landscape

The hack occurs against a backdrop of declining profitability for digital extortionists. While ransomware activity remains high, 2024 data indicates a notable drop in ransom payments, as an increasing number of organizations choose to refuse demands rather than fund criminal operations.

The incident also highlights a growing trend of vulnerability among ransomware syndicates. While international law enforcement agencies have successfully disrupted groups like LockBit and Radar, many gangs are increasingly falling victim to internal sabotage and external security failures, proving that even those who weaponize data are not immune to being hacked themselves.