everest attacks Campbell Sales & Service
Incident Date:
March 7, 2022
Overview
Title
everest attacks Campbell Sales & Service
Victim
Campbell Sales & Service
Attacker
Everest
Location
First Reported
March 7, 2022
Campbell Sales & Service Ransomware Attack
Campbell Sales & Service, a company specializing in the sale of industrial bearing and power transmission products, has been targeted by the ransomware group Everest. The attack was announced on the group's dark web leak site. The company operates in the Consumer Services sector and is known for its knowledgeable sales staff and extensive inventory, which includes nearly one million dollars in stock at all times.
Company Size and Industry Standing
Campbell Sales & Service is a mid-sized business with reported revenues of up to $50 million, making it a common target for ransomware attacks. The company's industry, Consumer Services, has experienced a disproportionate percentage of ransomware attacks, following manufacturing companies and healthcare entities.
Vulnerabilities and Targeting
The ransomware group Everest has been exploiting zero-day vulnerabilities in their attacks, which has led to a surge in ransomware victims. This tactic has left even organizations with robust backup and restoration processes backed into a corner, as the attackers focus solely on stealing sensitive data and extorting victims by threatening to sell or leak the data to others.
Mitigation Strategies
To mitigate the risks of ransomware attacks, organizations should prioritize patching of newly disclosed vulnerabilities, understand the adversary, threat surfaces, techniques used, favored and developed, and particularly what products, processes, and people they need to develop in order to stop a modern ransomware attack. Additionally, implementing platforms for EDR (Endpoint Detection and Response), SOAR (Security Orchestration, Automation and Response), and active ASM (Attack Surface Management) can reduce ransomware risk.
Sources
- "Understanding Ransomware and Strategies for Defense" - https://www.mitre.org/publications/technical-papers/understanding-ransomware-and-strategies-for-defense
- "Zero-Day Exploits: A Comprehensive Guide" - https://www.csoonline.com/article/3233210/what-is-a-zero-day-vulnerability.html
- "The Importance of EDR, SOAR, and ASM in Preventing Ransomware Attacks" - https://www.securityweek.com/importance-edr-soar-and-asm-preventing-ransomware-attacks
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.