Everest Ransomware Strikes Zuber Gardner CPAs Inc.
Incident Date: May 9, 2024
Overview
Title: Everest Ransomware Strikes Zuber Gardner CPAs Inc.
Victim: Zuber Gardner CPAs Inc.
Attacker: Everest
Location:
First Reported: May 9, 2024
Ransomware Attack on Zuber Gardner CPAs Inc. by Everest
Victim Profile
Zuber Gardner CPAs Inc. is a full-service tax, accounting, and business consulting firm based in Cleveland, Ohio. The company's team of experienced CPAs is dedicated to helping businesses achieve lasting economic success by providing customized financial services tailored to their unique needs. Their services include tax preparation, bookkeeping setup, and expert accounting solutions designed to optimize financial decisions and minimize tax obligations.
Company Size and Standout
The firm is a small to medium-sized business that stands out by offering a free consultation to determine how it can best serve its clients. This approach demonstrates a commitment to understanding the unique needs of each client and providing personalized services.
Industry Vulnerabilities
As a Business Services firm, the company may have been targeted by threat actors because of the sensitive financial information it handles for its clients. Its focus on small and medium-sized businesses could also make it an attractive target for cybercriminals looking to exploit vulnerabilities in its systems.
Ransomware Group Tactics
The Everest Ransomware Group, known for its involvement in ransomware attacks and data exfiltration, targeted Zuber Gardner CPAs Inc. in a recent attack. The group uses a combination of compromised user accounts and Remote Desktop Protocol (RDP) for lateral movement. It then encrypts files and demands a ransom for the decryption keys.
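A defender's check for the pattern described above (a compromised account moving between hosts over RDP), added here as an example and not taken from the original report or from any Everest-specific indicator: it flags an account that opens RDP sessions (Windows Security event 4624, logon type 10) on several distinct hosts from one source within a short window. The CSV layout, host names, accounts, addresses and thresholds are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: fields exported from Windows Security event 4624 (successful logon).
SAMPLE = """\
time,computer,event_id,logon_type,user,src_ip
2024-01-15T09:02:11,FS01,4624,10,jsmith,10.0.5.23
2024-01-15T09:04:40,DC01,4624,10,jsmith,10.0.5.23
2024-01-15T09:07:05,SQL02,4624,10,jsmith,10.0.5.23
2024-01-15T09:09:30,BKP01,4624,10,jsmith,10.0.5.23
2024-01-15T09:15:00,FS01,4624,3,svc_backup,10.0.5.40
2024-01-15T10:30:00,FS01,4624,10,adoe,10.0.5.31
2024-01-15T16:45:00,SQL02,4624,10,adoe,10.0.5.31
"""

RDP_LOGON_TYPE = "10"  # RemoteInteractive, i.e. an RDP session

def load(text):
    """Parse the CSV export into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

def rdp_fanout(rows, window=timedelta(minutes=30), min_hosts=3):
    """Alert when one (user, source IP) reaches min_hosts distinct hosts by RDP within window."""
    logons = defaultdict(list)
    for r in rows:
        if r["event_id"] == "4624" and r["logon_type"] == RDP_LOGON_TYPE:
            key = (r["user"].lower(), r["src_ip"])
            logons[key].append((datetime.fromisoformat(r["time"]), r["computer"].upper()))
    alerts = []
    for (user, src), events in sorted(logons.items()):
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            hosts = sorted({h for _, h in events[start:end + 1]})
            if len(hosts) >= min_hosts:
                alerts.append({"user": user, "src_ip": src, "hosts": hosts,
                               "first_seen": events[start][0].isoformat()})
                break  # one alert per account/source pair
    return alerts

if __name__ == "__main__":
    for alert in rdp_fanout(load(SAMPLE)):
        print(alert)
```

The window and host threshold need tuning against normal administrator behaviour; jump hosts and helpdesk accounts that legitimately fan out are candidates for an allowlist.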
Penetration and Data Exfiltration
In the attack on Zuber Gardner CPAs Inc., Everest exfiltrated 350 GB of data. The specific ransom demands were not disclosed, but the attack shows that the group was able to penetrate the company's systems and extract sensitive information.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups and their victims. Given threat actors' lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.