Everest ransomware group’s darknet site offline following defacement


The darknet leak site used by the ransomware gang Everest went offline Monday after apparently being hacked and defaced over the weekend.

Victim listings on the site for the Russian-speaking group, linked to an attack on cannabis dispensary STIIIZY earlier this year, were replaced by a simple message over the weekend.

“Don’t do crime CRIME IS BAD xoxo from Prague” stated the defacement. The site itself went offline on Monday.

It is not clear whether the incident is legitimate or who may be behind it.

Law enforcement disruption operations, which have expanded in recent years, usually replace the sites they target with a splash page announcing the operation and identifying the agencies involved.

Criminal groups sometimes perform “exit scams”, as AlphV/BlackCat did when it forged a law enforcement notice last year in order to steal funds from an affiliate in the wake of a devastating attack on Change Healthcare.

The Everest defacement does not purport to come from a law enforcement agency, and to date no affiliates have been identified complaining on cybercrime forums about being scammed.

It comes as Western authorities scramble to deal with the threat posed by financially motivated criminals, including through disruption operations which have sowed disarray in the ransomware ecosystem, particularly the operation targeting LockBit.

The British government is currently considering banning public sector bodies from making extortion payments, and requiring all victims to report incidents to the government, in a bid to starve the ransomware ecosystem of its revenues.

Alongside the LockBit disruption and the AlphV/BlackCat exit scam, extortion payments dropped in 2024 for the first time in years, according to a report by Chainalysis.


Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

 
