The leak site of the Russian-affiliated ransomware group Everest was hacked last weekend. A short message from the hackers appeared on the site, which is normally used to publish stolen files to force victims to pay ransoms.

A short message could be seen on the website: “Don’t do crime CRIME IS BAD xoxo from Prague”. Everest has been active since 2020 and has carried out several major cyber attacks. The group claimed responsibility for the theft of data from more than 420,000 customers of cannabis retail chain Stiizy. The American government also links the group to break-ins at the space agency NASA and the Brazilian government.

This attack on Everest is taking place at a time when ransomware attacks are on the increase, but the number of victims who actually pay is falling. More and more companies are refusing to pay hackers large ransoms.

Not the first time

Although investigative services have dismantled several ransomware groups in recent years, such as LockBit and Radar, hacker groups also become victims of sabotage from within or external attacks, as is currently the case with Everest.

It is still unclear whether this attack on Everest was carried out by rival criminals, hacktivists or possibly investigative services. The message left behind provides few clues, except for the reference to Prague.

Tip: ‘Paying ransomware gangs should be prohibited’