Everest Ransomware Hits Speed Advisory: 150GB Data Compromised

Incident Date: July 26, 2024

Overview

Victim: Speed Advisory
Attacker: Everest
Location: Hamilton, USA; Ohio, USA
First Reported: July 26, 2024

Everest Ransomware Group Targets Speed Advisory in Major Cyber Attack

Overview of Speed Advisory

Speed Advisory is a financial services firm based in Southwest Ohio, specializing in bookkeeping, payroll, tax services, and business advisory. The company caters to a diverse clientele, including professional service providers, restaurants, breweries, business start-ups, and other service-based businesses. Speed Advisory is known for its personalized service and fixed monthly fee structure, which aims to provide cost-effective solutions for its clients. The firm emphasizes strategic guidance in financial planning, operational efficiency, and succession planning, helping businesses streamline their financial processes and achieve sustainable growth.

Details of the Ransomware Attack

Speed Advisory has recently fallen victim to a ransomware attack carried out by the Everest group. The attackers issued an ultimatum giving the company just 24 hours to make contact using the provided instructions, threatening to publicly release all stolen data if it fails to comply. The attack compromised a total of 150 GB of data, and a sample has already been leaked to demonstrate the severity of the breach.

About the Everest Ransomware Group

The Everest Ransomware Group is a notorious cybercriminal organization active since at least December 2020. Known for its involvement in ransomware attacks, data exfiltration, and initial access brokering, Everest targets organizations across various industries and regions. The group employs a combination of legitimate compromised user accounts and Remote Desktop Protocol (RDP) for lateral movement. It uses AES and DES algorithms to encrypt files, adding the “.EVEREST” extension to the encrypted files. Everest has been linked to other ransomware groups, such as BlackByte, and has collaborated with the Ransomed.vc group on several occasions.
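One way to hunt for the lateral-movement pattern described above (a legitimate account reused over RDP across several hosts) is to look for logon fan-out in Windows Security event 4624 records. This is an added example, not code from the original page or from any vendor; the tuple layout, thresholds, and all account, host, and address values are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample records shaped like Windows Security event 4624
# (successful logon): (TimeCreated, LogonType, TargetUserName, IpAddress, Computer).
# LogonType 10 is RemoteInteractive (RDP); 3 is a network logon.
SAMPLE_EVENTS = [
    ("2024-01-15T02:01:10", 10, "svc_backup", "10.0.4.23", "FS01"),
    ("2024-01-15T02:07:42", 10, "svc_backup", "10.0.4.23", "DC01"),
    ("2024-01-15T02:09:03", 3, "svc_backup", "10.0.4.23", "PRINT01"),
    ("2024-01-15T02:15:30", 10, "SVC_BACKUP", "10.0.4.23", "sql01"),
    ("2024-01-15T08:00:05", 10, "alice", "10.0.2.11", "WS-ALICE"),
    ("2024-01-15T08:10:44", 10, "alice", "10.0.2.11", "TS01"),
    ("2024-01-15T09:00:00", 10, "bob", "10.0.3.5", "APP01"),
    ("2024-01-15T11:00:00", 10, "bob", "10.0.3.5", "APP02"),
    ("2024-01-15T14:00:00", 10, "bob", "10.0.3.5", "APP03"),
]

# RFC 1918 ranges, listed explicitly (assumed to be the internal address space).
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def rdp_fanout(events, max_hosts=2, window=timedelta(minutes=30)):
    """Return {(user, src_ip): [hosts]} for accounts that opened RDP sessions
    from one internal source to more than max_hosts hosts within window."""
    logons = defaultdict(list)
    for when, logon_type, user, src_ip, host in events:
        if logon_type != 10:
            continue  # only RemoteInteractive (RDP) logons
        if not any(ip_address(src_ip) in net for net in INTERNAL):
            continue  # external RDP exposure is a separate detection
        # Account and host names are case-insensitive on Windows.
        logons[(user.lower(), src_ip)].append((datetime.fromisoformat(when), host.upper()))
    alerts = {}
    for key, seen in logons.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:
                start += 1  # slide the window forward
            hosts = {h for _, h in seen[start:end + 1]}
            if len(hosts) > max_hosts:
                alerts[key] = sorted(hosts)
                break
    return alerts


if __name__ == "__main__":
    print(rdp_fanout(SAMPLE_EVENTS))
```

Tune `max_hosts` and `window` against a baseline of normal administrator and jump-host behaviour before alerting on the result.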

Vulnerabilities and Penetration

Vulnerabilities at Speed Advisory that the Everest group may have exploited include potential weaknesses in its cybersecurity infrastructure, such as outdated software, insufficient network segmentation, and inadequate employee training on phishing and social engineering attacks. The use of RDP and compromised user accounts suggests that the attackers may have gained initial access through weak or reused passwords, unpatched software vulnerabilities, or phishing campaigns targeting employees.

Implications for Speed Advisory

The ransomware attack on Speed Advisory highlights the growing threat of cyber attacks on small to medium-sized businesses in the financial sector. The breach not only jeopardizes the sensitive financial data of their clients but also poses significant operational and reputational risks. As the company navigates the aftermath of the attack, it will need to address these vulnerabilities and strengthen its cybersecurity measures to prevent future incidents.
