Everest Ransomware Hits ArcTrade Exposing 40,000 Customers

Incident Date: Nov 01, 2024

Attack Overview

VICTIM: ArcTrade
INDUSTRY: Energy, Utilities & Waste
LOCATION: USA
ATTACKER: Everest
FIRST REPORTED: November 1, 2024

Everest Ransomware Group Targets ArcTrade: A Detailed Analysis

ArcTrade, a technology company specializing in the retail energy sector, has recently fallen victim to a ransomware attack orchestrated by the notorious Everest group. This breach has exposed sensitive data of over 40,000 customers, alongside critical internal information, posing significant risks to the company's operations and customer trust.

ArcTrade: A Pioneer in Retail Energy Technology

Founded in 2017 and headquartered in San Diego, California, ArcTrade operates within the Information Technology and Services industry. The company employs between 11 and 50 people and generates revenue between $5 million and $10 million. ArcTrade is known for digital solutions that improve operational efficiency in the energy service industry. Its flagship offering, the ArcTrade Intelligence Platform, integrates functions such as electronic data interchange, pricing management, and energy trading. The platform replaces outdated systems with intelligent automation, streamlining energy service delivery.

Vulnerabilities and Attack Overview

ArcTrade's focus on digitizing and automating energy services makes it an attractive target for cybercriminals. The Everest ransomware group claimed the intrusion and threatened to release the company's sensitive data within a 13 to 14-day window. The attackers substantiated their claim by posting sample screenshots of the stolen data on their dark web portal, underlining the severity of the breach.

Everest Ransomware Group: A Notorious Cybercriminal Entity

Active since December 2020, the Everest ransomware group is known for ransomware attacks, data exfiltration, and initial access brokering. The group has a history of targeting organizations across a range of industries, with a particular focus on the Americas. Everest uses compromised legitimate user accounts together with Remote Desktop Protocol (RDP) for lateral movement, and encrypts files with the AES and DES algorithms. The group's recent shift toward Initial Access Broker activity suggests a strategic evolution in its operations.

Potential Penetration Methods

While the exact method of entry into ArcTrade's systems remains unclear, Everest's tactics typically involve abusing compromised user accounts and using RDP for unauthorized access. The group's ability to move through a network and encrypt critical data underscores the importance of effective security controls, in particular account hygiene and monitoring of remote access, in protecting sensitive information.
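The two Everest tactics described above, valid-but-compromised accounts and RDP for lateral movement, leave a recognizable trace in Windows Security logs: successful logons (Event ID 4624) with logon type 10 (RemoteInteractive, i.e. RDP). The following is an added example, not code from the incident report or from Halcyon, showing how a defender might screen such events for two patterns: one account RDP-ing into several hosts in a short window (fan-out), and RDP logons from a source address outside the account's known baseline. All host names, user names, addresses and timestamps are constructed for the example.

```python
"""Screen Windows 4624/logon-type-10 (RDP) events for lateral-movement signals.

Added example; the event records below are constructed, not real log data.
"""
from collections import defaultdict
from datetime import datetime, timedelta

RDP_LOGON_TYPE = 10  # 4624 LogonType 10 = RemoteInteractive (RDP)

# Constructed sample events: hypothetical hosts, accounts and addresses.
EVENTS = [
    {"time": "2024-11-01T02:10:05", "event_id": 4624, "logon_type": 10,
     "user": "svc_backup", "host": "FS01", "src_ip": "10.0.5.23"},
    {"time": "2024-11-01T02:14:41", "event_id": 4624, "logon_type": 10,
     "user": "svc_backup", "host": "DB02", "src_ip": "10.0.5.23"},
    {"time": "2024-11-01T02:19:12", "event_id": 4624, "logon_type": 10,
     "user": "svc_backup", "host": "APP03", "src_ip": "10.0.5.23"},
    {"time": "2024-11-01T02:22:58", "event_id": 4624, "logon_type": 10,
     "user": "svc_backup", "host": "DC01", "src_ip": "10.0.5.23"},
    {"time": "2024-11-01T09:00:30", "event_id": 4624, "logon_type": 10,
     "user": "jdoe", "host": "WS-JDOE", "src_ip": "10.0.1.10"},
    {"time": "2024-11-01T09:05:00", "event_id": 4624, "logon_type": 2,
     "user": "jdoe", "host": "WS-JDOE", "src_ip": "-"},  # console logon, ignored
]

# Hypothetical per-account baseline of source addresses seen using RDP before.
BASELINE = {"svc_backup": {"10.0.1.10"}, "jdoe": {"10.0.1.10"}}


def parse_time(s):
    return datetime.fromisoformat(s)


def rdp_logons(events):
    """Yield only successful RDP logons."""
    for e in events:
        if e["event_id"] == 4624 and e["logon_type"] == RDP_LOGON_TYPE:
            yield e


def rdp_fanout(events, min_hosts=3, window=timedelta(minutes=30)):
    """Accounts that reached min_hosts distinct hosts over RDP within window.

    Returns {user: sorted list of hosts that fell inside a triggering window}.
    """
    by_user = defaultdict(list)
    for e in rdp_logons(events):
        by_user[e["user"]].append((parse_time(e["time"]), e["host"]))

    flagged = {}
    for user, logons in by_user.items():
        logons.sort()
        hosts_hit = set()
        for i, (t0, _) in enumerate(logons):
            # All hosts this account logged into within `window` of logon i.
            in_window = {h for t, h in logons[i:] if t - t0 <= window}
            if len(in_window) >= min_hosts:
                hosts_hit |= in_window
        if hosts_hit:
            flagged[user] = sorted(hosts_hit)
    return flagged


def baseline_violations(events, baseline):
    """RDP logons whose source address is not in the account's baseline.

    Returns a list of (user, src_ip, host, time) tuples.
    """
    hits = []
    for e in rdp_logons(events):
        if e["src_ip"] not in baseline.get(e["user"], set()):
            hits.append((e["user"], e["src_ip"], e["host"], e["time"]))
    return hits


if __name__ == "__main__":
    for user, hosts in rdp_fanout(EVENTS).items():
        print(f"RDP fan-out: {user} -> {', '.join(hosts)}")
    for user, ip, host, when in baseline_violations(EVENTS, BASELINE):
        print(f"Off-baseline RDP source: {user} from {ip} to {host} at {when}")
```

In a real deployment the baseline would be built from historical logs rather than a literal, and the thresholds (three hosts in thirty minutes here) tuned to the environment; the point is that both signals are available from standard logon auditing without any additional tooling.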
