Over the weekend, a leak site operated by the Everest ransomware group was compromised and defaced, TechCrunch has learned.
The site—typically used by Everest to publish stolen data in an effort to pressure victims into paying ransoms—was replaced with a short message: “Don’t do crime CRIME IS BAD xoxo from Prague.”
As of the time of reporting, the defacement remained visible. It is still uncertain whether the attackers also gained access to the gang’s internal data during the breach.
Everest, a well-known ransomware group with ties to Russia, has been active since 2020 and has claimed responsibility for numerous cyberattacks. Notably, it was behind a breach affecting over 420,000 customers of cannabis retailer Stiizy. The U.S. government has linked the group to several high-profile intrusions, including attacks on NASA and the Brazilian government.
Despite a continued rise in ransomware and extortion attacks, 2024 saw a decline in the number of victims making payments, as more organizations chose to reject ransom demands.
While law enforcement agencies have successfully disrupted groups like LockBit and Radar, internal leaks and acts of sabotage have also undermined several ransomware operations in recent years.
