everest attacks Backus Meyer

Incident Date:

March 7, 2022

World map



everest attacks Backus Meyer


Backus Meyer




Lowell St, USA

Manchester, USA

First Reported

March 7, 2022

Everest Ransomware Attack on Backus, Meyer & Branch, LLP

The law firm Backus, Meyer & Branch, LLP, based in Manchester, New Hampshire, has been targeted by the Everest ransomware group. The firm, which has provided legal counsel in Hillsborough County and throughout New Hampshire and Massachusetts for nearly four decades, has been hit by a ransomware attack that has been claimed by the Everest group on their dark web leak site.

Company Size and Industry Standout

Backus, Meyer & Branch, LLP, is a law firm with a team of experienced attorneys, many of whom have more than 20 years of legal experience. The firm is known for its award-winning legal counsel and has been recognized by peers and industry publications for consistently stellar performance, including being named to Super Lawyers and Best Lawyers.

Vulnerabilities and Targeting

The Everest ransomware group has been observed using a variety of tactics to gain access to corporate networks, including targeting disgruntled or rebellious employees for insider access. The group has also been known to use phishing attacks and other social engineering techniques to gain access to networks.

The Everest ransomware group has been active since at least December 2020 and has gone through several iterations, initially focusing on data exfiltration before becoming a ransomware operator, and now increasingly specializing as an Initial Access Broker (IAB). The group targets organizations across a range of industries and regions, with a particular concentration in the Americas and capital goods, health, and the public sector.

Response and Mitigation

The Everest ransomware group has been observed deleting its advertisements from its leak site, which can make it difficult for other security professionals to track their activity. However, dark web intelligence platforms like Cerberus can capture deleted posts, allowing for a more comprehensive understanding of the group's activity.

To mitigate the risk of ransomware attacks, organizations should implement robust cybersecurity measures, including regular software updates, employee training, and the use of multi-factor authentication. In the event of an attack, it is crucial to have a well-defined incident response plan in place, which includes the ability to isolate affected systems and restore data from backups.


  • Backus, Meyer & Branch, LLP
  • The Register: Everest searching for corporate insiders amid rare pivot
  • Searchlight Cyber: Everest Ransomware Group Increases Initial Access Broker Activity
  • Business Wire: Dark Web Intelligence Shows Everest Ransomware Group Increasing Initial Access Broker Activity
  • SC Media: Everest ransomware operation transitioning as IAB

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.