Everest ransomware gang's leak site hacked and defaced
Take action: This is why it's very important to patch your WordPress, and not to trust the users on your site.
The dark web leak site operated by the Everest ransomware gang was hacked and defaced over the weekend by an unknown attacker. The site, which the cybercriminal group uses to publish stolen data and extort victims, was replaced with a mocking message: "Don't do crime CRIME IS BAD xoxo from Prague."
The defacement was still visible as of Sunday night, but the site was later taken completely offline and now returns an "Onion site not found" error. It's unclear whether the gang experienced a data breach as a result of the hack or only a website defacement.
Security experts have suggested that the breach may have exploited a WordPress vulnerability, as the Everest leak site was using a WordPress template for its blog.
It's also possible that an internal dispute among the gang members led one or several of them to hack the site by abusing access credentials.
Everest is a prolific Russia-linked ransomware operation that emerged in 2020. Over the past five years, the group has added more than 230 victims to its dark web leak site, and it also acts as an initial access broker for other cybercrime organizations. Several high-profile breaches have been attributed to the group by the U.S. government.