The Everest Ransomware Gang's Attack on PSM Marketing

The Everest ransomware gang has attacked PSM Marketing. PSM Marketing, also known as Power Sports Marketing, is a marketing and consulting firm that specializes in serving professionals in the legal, financial, and healthcare industries. It is headquartered in Georgia, USA. Everest posted PSM Marketing to its data leak site on September 2nd but provided no further details.

Everest's Notorious Activities

The Everest ransomware group has garnered attention by claiming possession of sensitive data from aeronautics firms, including NASA. While they haven't yet demanded ransom payments from victims, they've established a $30,000 price for the sale of leaked data. The group asserts access to corporate emails as an "intelligence opportunity."

Targeting and Tactics

Targeting government offices across various states, including Argentina, Peru, and Brazil, the Russian-speaking Everest employs double extortion tactics, seeking payment for decryption keys and to prevent data leaks. Initially detected in 2018, the Everest ransomware is part of the Everbe 2.0 ransomware family, employing tools like Embrace, Hyena Locker, PainLocker, and EvilLocker. Employing tactics like lateral movement through compromised accounts and exploiting the Remote Desktop Protocol, the group targets multiple industries, especially in the Americas, capital goods, health, and public sectors.

A Distinctive Role in Cybercrime

The Everest group, distinctively rare, acts as an "Initial Access Broker," selling backdoors to other criminals. This shift in approach could be to evade law enforcement or explore new monetization avenues.