Everest Ransomware Hits SH Pension, Compromises 100GB of Data
Incident Date:
July 22, 2024
Overview
Title
Everest Ransomware Hits SH Pension, Compromises 100GB of Data
Victim
SH Pension
Attacker
Everest
Location
First Reported
July 22, 2024
Everest Ransomware Group Targets SH Pension in Major Cyber Attack
Overview of SH Pension
SH Pension, formerly known as Svensk Handel Pensionskassan, is a prominent Swedish occupational pension company. The organization specializes in providing tailored pension solutions, including traditional insurance and unit-linked insurance options, primarily for businesses and their employees. SH Pension transitioned into an occupational pension company on June 1, 2021, after receiving authorization from the Swedish Financial Supervisory Authority (Finansinspektionen) to operate under the IORP II directive. This transformation has allowed the company to enhance the security and transparency of its offerings while expanding its client base.
Details of the Ransomware Attack
On July 23, 2024, SH Pension fell victim to a ransomware attack orchestrated by the Everest ransomware group. The attack resulted in the compromise of approximately 100GB of sensitive data, raising significant concerns about the security of employee pension information and the potential impact on the company's operations and reputation. The attackers infiltrated SH Pension's systems, encrypted critical files, and demanded a ransom for the decryption key.
About the Everest Ransomware Group
The Everest ransomware group is a notorious cybercriminal organization known for its involvement in ransomware attacks, data exfiltration, and initial access brokering. Active since at least December 2020, Everest has targeted organizations across various industries and regions, with a particular focus on the Americas and sectors such as capital goods, health, and the public sector. The group employs a combination of legitimate compromised user accounts and Remote Desktop Protocol (RDP) for lateral movement, using AES and DES algorithms to encrypt files.
Penetration and Vulnerabilities
The exact method of penetration used by Everest to infiltrate SH Pension's systems remains unclear. However, common tactics include exploiting vulnerabilities in remote access protocols, phishing attacks, and leveraging compromised user accounts. SH Pension's recent migration to a cloud-based policy administration solution may have introduced new vulnerabilities that the attackers exploited. The company's focus on modernizing its operations and enhancing operational efficiency could have inadvertently created security gaps.
Impact on SH Pension
The ransomware attack on SH Pension has significant implications for the company. The compromise of sensitive data not only threatens the financial security of its clients but also poses a risk to the company's reputation and operational stability. As SH Pension plays a vital role in the Swedish pension landscape, the attack underscores the importance of robust cybersecurity measures in protecting critical financial information.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.