What is the Everest group doing (not only against Siae)

by Chiara Rossi

The Siae (Italian Society of Authors and Publishers) was hit by a ransomware attack claimed by the Everest group. Who the hacker group is and how it works.

The Everest group has claimed the hacker attack on Siae. The attackers stole 60 gigabytes of artist data, including sensitive data such as driver's licenses, health cards, ID cards and addresses. Of these, a part (28 thousand documents) has been "exfiltrated" and published to be put up for sale on the dark web. A ransom, said to be three million euros in bitcoin, was requested to avoid publication.

The Postal Police are investigating the case through the Rome department of the Cnaipic (National Cybercrime Center for the Protection of Critical Infrastructures). "The SIAE will not proceed with the ransom request," chief executive officer Gaetano Blandini told Ansa, underlining: "We have already made the complaint to the postal police and the guarantor of privacy as usual."

"The group's name, Everest, comes from the software code they use in their attacks. Already seen in action in 2018 with another name, Everbe, the Russian-speaking group had been identified by McAfee and active in the last quarter of 2021," reports Repubblica.

All the details on the Everest group, which develops the ransomware of the same name, itself derived from Everbe 2.0.


As Tecnologia.libero.it reports, "the Everest computer virus began to circulate very quickly in 2020 and was born as an offshoot of Everbe 2.0. After infiltrating a computer system, it starts encrypting files. Usually the infection starts from a spam email containing an attachment that launches a script, which in turn downloads and installs the virus."

HOW THE HACKER GROUP WORKS

Everest ransomware operators have gained notoriety for promoting their site by contacting cybersecurity researchers and reporters, and for sending emails to competitors of breach victims to lobby and extort money, according to cybersecurity firm Cyfirma.

REACHED BY THE CANADIAN NEWSPAPER GLOBE AND MAIL

Ransomware groups are constantly evolving to evade law enforcement. Speaking to the Globe and Mail last August, someone from the Everest group replied this way when asked about the ethics of extortionate organizations: "This is a job." He also told the reporter, in the email exchange, that he doesn't like negotiators. "They can aggressively slash the ransom amount, cheat the payment date," the unidentified Everest member complained to the Canadian newspaper.

DISAPPEARED FOR A LITTLE FROM THE RADARS AFTER THE ATTACK ON COLONIAL PIPELINE

Last May, Everest and another ransomware operator, AKO, appeared to have disappeared from the web, according to Allan Liska, a researcher with cybersecurity firm Recorded Future, as Reuters reported. According to the expert, the two groups' disappearance from the radar was a potential aftershock of the hacker attack on Colonial Pipeline, the main US oil pipeline. The move followed the disappearance of DarkSide, the group accused of paralyzing the country's largest pipeline network for six days. Colonial ended up paying $4.4 million to unlock its systems. Since then, the United States has been taking an aggressive approach after a series of high-profile attacks.

THE SCREEN FROM ZDNET

Finally, in an effort to exert further pressure on hacked companies to pay ransom demands, several ransomware groups have also started stealing data from their victims' networks before encrypting it. In April 2020, ZDNet identified nine ransomware operations that maintained a "leak site", either on the dark web or on the public Internet. Among these is the leak site of the Everest group, which yesterday attacked Siae.

• October 21, 2021 EVEREST ARTICLE