Everest Ransomware Strikes Zuber Gardner CPAs Inc.

Incident Date: May 9, 2024

Overview

Title: Everest Ransomware Strikes Zuber Gardner CPAs Inc.

Victim: Zuber Gardner CPAs Inc.

Attacker: Everest

Location: Independence, USA; Ohio, USA

First Reported: May 9, 2024

Ransomware Attack on Zuber Gardner CPAs Inc. by Everest

Victim Profile

Zuber Gardner CPAs Inc. is a full-service tax, accounting, and business consulting firm based in Cleveland, Ohio. The company's team of experienced CPAs is dedicated to helping businesses achieve lasting economic success by providing customized financial services tailored to their unique needs. Their services include tax preparation, bookkeeping setup, and expert accounting solutions designed to optimize financial decisions and minimize tax obligations.

Company Size and Standout

The firm is a small to medium-sized business that stands out by offering a free consultation to determine how it can best serve its clients. This approach demonstrates a commitment to understanding the unique needs of each client and providing personalized services.

Industry Vulnerabilities

As a firm in the Business Services sector, the company may have been targeted by threat actors because of the sensitive financial information it handles for its clients. Its focus on small and medium-sized businesses could make it an attractive target for cybercriminals looking to exploit vulnerabilities in its systems.

Ransomware Group Tactics

The Everest ransomware group, known for ransomware attacks and data exfiltration, targeted Zuber Gardner CPAs Inc. in a recent attack. The group uses a combination of compromised user accounts and Remote Desktop Protocol (RDP) for lateral movement. It encrypts files and demands a ransom for the decryption keys.

Penetration and Data Exfiltration

In the attack on Zuber Gardner CPAs Inc., Everest exfiltrated a substantial amount of data, totaling 350 GB. The specific ransom demands were not disclosed, but the attack shows the group was able to penetrate the company's systems and extract sensitive information.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups, and their victims. Given threat actors' lucrative success so far, ransomware has become the most ubiquitous cyber threat to businesses and organizations today, and the most damaging in financial and informational terms.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.