Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Everest ransomware group’s Tor leak site offline after a defacement

The Tor leak site of the Everest ransomware group went offline after being hacked and defaced over the weekend. The Everest ransomware gang’s darknet site went offline after being hacked and defaced, with victim listings replaced by the following message. “Don’t do crime CRIME IS BAD xoxo from Prague” read the message published on the […]

Reynolds ransomware uses BYOVD to disable security before encryption ransomware

The Tor leak site of the Everest ransomware group went offline after being hacked and defaced over the weekend.

The Everest ransomware gang’s darknet site went offline after being hacked and defaced, with victim listings replaced by the following message.

“Don’t do crime CRIME IS BAD xoxo from Prague” read the message published on the site’s homepage after the defacement. Later, the site went down and currently it is still offline.

No threat actor has yet claimed responsibility for the defacement. We cannot exclude the fact that the incident is an exit scam of the group.

The group has been active since 2020, the operation has evolved from data theft extortion to using ransomware and initial access broker activity. In 5 years, Everest listed more than 200 victims on its dark web leak site, including the US marijuana dispensary STIIIZY.

In August 2024, the U.S. HHS warned that the Everest ransomware gang was increasingly targeting healthcare organizations across the U.S.

“The Everest ransomware group has been active since 2020, and has engaged in data extortion and ransomware operations, along with initial access broker (IAB) activity. The group has increasingly targeted the healthcare industry since 2021, and claimed responsibility for a recent incident impacting a surgical facility in the United States.” reads the threat actor profile issued by the U.S. Department of Health and Human Services. “The group leverages a variety of common publicly available tools in its attacks, and is known to obtain initial access via various remote access tools and methods. The ransomware strain was previously linked to a Russia-based ransomware operation.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)