The ransomware group Everest He claims to have sensitive information from the Argentine government and put it up for sale on his dark web blog for 200 thousand dollars. They would be accesses to systems of dependencies of the State.
The information was published on the official Everest page, which posts its attacks on a site accessed by specific dark web browsers such as Tor. It’s not the first time that Everest attacks a State: the Brazilian Police, the Peruvian Ministry of Economy and Finance, the United States government.
Ransomware is a type of software that hijacks information. Its name is an acronym for “data rescue program”: ransom in English it means rescue, and ware is a shortening of the well-known word software: a data hijacking program. Ransomware is a subtype of malware, an acronym for “malicious software.”
Javier Smaldone, a computer security specialist who closely follows the data leaks that have occurred in the country, notices a local connection: the person who leaked the Renaper data last October.
“The same one that leaked the data from the IOSFA register and of 60,000 people from RENAPER (and claimed to have 45 million), it was selling access to networks and systems of the Argentine State. The offender, who identifies himself as [S], claims to be the same one who attacked Patricia Bullrich and the Ministry of Security in 2017 and the Argentine Federal Police in 2019, according to a note given to the media by Rosario 3, ”he reminded Clarín.
That user had said, in the forum in which he published the information, that he had access to the Argentine government network for sale. And that’s what Everest is dedicated to in part: “These criminal gangs like the Everest Ransomware Team sell not only data that they steal through ransomware, but also access to networks and systems who buy on the black market ”, he added.
“For access to systems of the Brazilian Police they ask for 50 thousand dollars. For accesses to the Ministry of Economy of Peru, they ask for 30 thousand. Considering that for access to networks and systems in Argentina they ask for 200 thousand dollars, it must be something quite important”Smaldone closes.
As he knew ClarionThe government is investigating what happened and what information could be compromised. It would not be the first time that the Argentine State has suffered a computer attack.
Last year, an international group of cybercriminals known as Netwalker gained access to the National direction of Migration and steal a huge database with private data of citizens and records of migratory movements.
This year, from a blog that is not even accessible on the deep web, but from any home connection, a user uploaded information about stolen identity document data from the Renaper, through unauthorized access.
Everest, a “high profile” extortion group
Sodinokibi / REvil: The FBI arrested the gang in early November. AP Photo
Among the other bands that exist such as Netwalker or REvil, Everest is characterized by the magnitude of its blows: they play what is known as “Big Game Hunting”, having to their credit not only government entities but recognized law firms and “high profile” individuals.
Its name comes from source code that they use in their attacks, and it was already known since 2018 under the name of Everbe, identified by McAfee.
This is how they are described on their website:
The Everest team is dedicated to collecting and analyzing information from clients and their companies. We specialize in private customer data, financial information, databases, credit card information, and more. Companies cannot understand the risk of information leaks, especially private information. These leaks lead to losses for companies, fines and legal disputes. And do not forget that information can fall into the hands of competitors. When you hire third-party negotiators, listen to what they tell you, try to think: are they really interested in solving your problems or are you just thinking about your financial benefits and ambitions?
“It is not clear if Everest is responsible for the hacks, if it acts as a data broker, if you extract them from other landfills or if it is a combination of both. In a recent case, the gang refused to provide samples of the allegedly stolen data to someone pretending to be a buyer. The filtering site does not appear to be linked to any known type of file encryption ransomware, “Brett Callow, a cybersecurity specialist at Emsisoft, warned Clarín.
Your notice has to do with the fact that in other cases, cybercriminals provide proof that they have access to the information. In this case, Everest simply left an email to be contacted and start negotiations to sell the data.
Or, ultimately, for the Government to review how it protects information in agencies that have sensitive data.