everest attacks United States of America GOV

Incident Date:

April 6, 2022

World map



everest attacks United States of America GOV


United States of America GOV




Los Angeles, USA

California, USA

First Reported

April 6, 2022

Ransomware Attack on R&D Incentives Group

Company Profile

R&D Incentives Group, a company dedicated to assisting businesses in claiming Research and Development tax credits, has recently fallen victim to a ransomware attack by the Everest group. This firm is notable for its collaboration with major accounting firms, leveraging a team of Big 4 CPAs, tax attorneys, engineers, and technology experts to maximize federal and state tax incentives through unique data gathering tools, comprehensive due diligence, and a streamlined client-centric process.


The precise vulnerabilities exploited in the ransomware attack on R&D Incentives Group remain unspecified. However, it is widely acknowledged that ransomware attacks typically exploit software vulnerabilities, outdated systems, or human errors, such as susceptibility to phishing emails.


While the specific consequences of the ransomware attack on R&D Incentives Group are not detailed, references suggest that the incident led to system damage, business interruption, and contractual liabilities for a managed service provider (MSP) involved in a related case study.


The response strategy employed by the MSP in the aftermath of the ransomware attack involved negotiating the ransom payment and securing a decryption key, facilitated by the CFC Response team. The details of R&D Incentives Group's direct response to the attack are not provided.


To mitigate the risk of ransomware attacks, organizations are advised to adopt comprehensive cybersecurity measures. These include conducting regular software updates, providing employee training to recognize potential threats, and implementing multi-factor authentication. Furthermore, maintaining comprehensive technology E&O and cyber insurance policies can significantly reduce the financial impact of such cyber incidents.

The ransomware attack on R&D Incentives Group underscores the critical importance of maintaining vigilant cybersecurity practices. While the specific vulnerabilities exploited in this instance are not disclosed, the ramifications of ransomware attacks—such as system damage, business disruption, and contractual liabilities—demonstrate the substantial risks businesses face in the digital age.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.