Everest Ransomware Hits SH Pension, Compromises 100GB of Data
Everest Ransomware Group Targets SH Pension in Major Cyber Attack
Overview of SH Pension
SH Pension, formerly known as Svensk Handel Pensionskassan, is a prominent Swedish occupational pension company. The organization specializes in providing tailored pension solutions, including traditional insurance and unit-linked insurance options, primarily for businesses and their employees. SH Pension transitioned into an occupational pension company on June 1, 2021, after receiving authorization from the Swedish Financial Supervisory Authority (Finansinspektionen) to operate under the IORP II directive. This transformation has allowed the company to enhance the security and transparency of its offerings while expanding its client base.
Details of the Ransomware Attack
On July 23, 2024, SH Pension fell victim to a ransomware attack orchestrated by the Everest ransomware group. The attack resulted in the compromise of approximately 100GB of sensitive data, raising significant concerns about the security of employee pension information and the potential impact on the company's operations and reputation. The attackers infiltrated SH Pension's systems, encrypted critical files, and demanded a ransom for the decryption key.
About the Everest Ransomware Group
The Everest ransomware group is a notorious cybercriminal organization known for its involvement in ransomware attacks, data exfiltration, and initial access brokering. Active since at least December 2020, Everest has targeted organizations across various industries and regions, with a particular focus on the Americas and sectors such as capital goods, health, and the public sector. The group employs a combination of legitimate compromised user accounts and Remote Desktop Protocol (RDP) for lateral movement, using AES and DES algorithms to encrypt files.
Penetration and Vulnerabilities
The exact method of penetration used by Everest to infiltrate SH Pension's systems remains unclear. However, common tactics include exploiting vulnerabilities in remote access protocols, phishing attacks, and leveraging compromised user accounts. SH Pension's recent migration to a cloud-based policy administration solution may have introduced new vulnerabilities that the attackers exploited. The company's focus on modernizing its operations and enhancing operational efficiency could have inadvertently created security gaps.
Impact on SH Pension
The ransomware attack on SH Pension has significant implications for the company. The compromise of sensitive data not only threatens the financial security of its clients but also poses a risk to the company's reputation and operational stability. As SH Pension plays a vital role in the Swedish pension landscape, the attack underscores the importance of robust cybersecurity measures in protecting critical financial information.