Everest Ransomware Attack on Backus, Meyer & Branch, LLP

The law firm Backus, Meyer & Branch, LLP, based in Manchester, New Hampshire, has been targeted by the Everest ransomware group. The firm, which has provided legal counsel in Hillsborough County and throughout New Hampshire and Massachusetts for nearly four decades, has been hit by a ransomware attack that has been claimed by the Everest group on their dark web leak site.

Company Size and Industry Standout

Backus, Meyer & Branch, LLP, is a law firm with a team of experienced attorneys, many of whom have more than 20 years of legal experience. The firm is known for its award-winning legal counsel and has been recognized by peers and industry publications for consistently stellar performance, including being named to Super Lawyers and Best Lawyers.

Vulnerabilities and Targeting

The Everest ransomware group has been observed using a variety of tactics to gain access to corporate networks, including targeting disgruntled or rebellious employees for insider access. The group has also been known to use phishing attacks and other social engineering techniques to gain access to networks.

The Everest ransomware group has been active since at least December 2020 and has gone through several iterations, initially focusing on data exfiltration before becoming a ransomware operator, and now increasingly specializing as an Initial Access Broker (IAB). The group targets organizations across a range of industries and regions, with a particular concentration in the Americas and capital goods, health, and the public sector.

Response and Mitigation

The Everest ransomware group has been observed deleting its advertisements from its leak site, which can make it difficult for other security professionals to track their activity. However, dark web intelligence platforms like Cerberus can capture deleted posts, allowing for a more comprehensive understanding of the group's activity.

To mitigate the risk of ransomware attacks, organizations should implement robust cybersecurity measures, including regular software updates, employee training, and the use of multi-factor authentication. In the event of an attack, it is crucial to have a well-defined incident response plan in place, which includes the ability to isolate affected systems and restore data from backups.

Sources

• Backus, Meyer & Branch, LLP
• The Register: Everest searching for corporate insiders amid rare pivot
• Searchlight Cyber: Everest Ransomware Group Increases Initial Access Broker Activity
• Business Wire: Dark Web Intelligence Shows Everest Ransomware Group Increasing Initial Access Broker Activity
• SC Media: Everest ransomware operation transitioning as IAB