Everest Ransomware Hits Speed Advisory: 150GB Data Compromised
Everest Ransomware Group Targets Speed Advisory in Major Cyber Attack
Overview of Speed Advisory
Speed Advisory is a financial services firm based in Southwest Ohio, specializing in bookkeeping, payroll, tax services, and business advisory. The company caters to a diverse clientele, including professional service providers, restaurants, breweries, business start-ups, and other service-based businesses. Speed Advisory is known for its personalized service and fixed monthly fee structure, which aims to provide cost-effective solutions for its clients. The firm emphasizes strategic guidance in financial planning, operational efficiency, and succession planning, helping businesses streamline their financial processes and achieve sustainable growth.
Details of the Ransomware Attack
Speed Advisory has recently fallen victim to a ransomware attack orchestrated by the Everest group. The attackers have issued an ultimatum, giving the company just 24 hours to make contact using the provided instructions. Failure to comply will result in the public release of all stolen data. The total amount of data compromised in this attack is 150 GB, with a sample already leaked to demonstrate the severity of the breach.
About the Everest Ransomware Group
The Everest Ransomware Group is a notorious cybercriminal organization active since at least December 2020. Known for its involvement in ransomware attacks, data exfiltration, and initial access brokering, Everest targets organizations across various industries and regions. The group employs a combination of legitimate compromised user accounts and Remote Desktop Protocol (RDP) for lateral movement. It uses AES and DES algorithms to encrypt files, adding the “.EVEREST” extension to the encrypted files. Everest has been linked to other ransomware groups, such as BlackByte, and has collaborated with the Ransomed.vc group on several occasions.
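As an added detection example (not from the original article or from Halcyon), the Python below flags the two behaviors described above: one account opening RDP sessions on several hosts within a short window, and files renamed with the .EVEREST extension. The log line format, field names, thresholds and sample events are constructed assumptions; Windows Event ID 4624 with LogonType 10 is the standard record for a successful RDP logon.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from a real incident). Field names are assumptions;
# map them to your own log schema. 4624 = Windows logon success, LogonType 10 = RDP.
SAMPLE = """\
2024-05-01T09:00:05 event=4624 logon_type=10 user=svc_backup src=10.0.0.21 host=FS01
2024-05-01T09:03:40 event=4624 logon_type=10 user=svc_backup src=10.0.0.21 host=DC01
2024-05-01T09:07:12 event=4624 logon_type=10 user=svc_backup src=10.0.0.21 host=SQL01
2024-05-01T13:00:00 event=4624 logon_type=10 user=alice src=10.0.0.30 host=FS01
2024-05-01T09:20:31 event=file_rename user=svc_backup host=FS01 path=D:\\clients\\ledger.xlsx.EVEREST
2024-05-01T09:20:33 event=file_rename user=alice host=WS07 path=C:\\tmp\\notes.txt
"""

def parse(text):
    """Turn 'timestamp key=value ...' lines (no spaces in values) into dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, *pairs = line.split()
        ev = dict(p.split("=", 1) for p in pairs)
        ev["ts"] = datetime.fromisoformat(ts)
        events.append(ev)
    return events

def rdp_fanout(events, window=timedelta(minutes=30), min_hosts=3):
    """Accounts with RDP logons on >= min_hosts distinct hosts inside one window."""
    by_user = {}
    for ev in events:
        if ev.get("event") == "4624" and ev.get("logon_type") == "10":
            by_user.setdefault(ev["user"], []).append((ev["ts"], ev["host"]))
    flagged = {}
    for user, logons in by_user.items():
        logons.sort()
        for i, (start, _) in enumerate(logons):
            hosts = {h for t, h in logons[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                flagged[user] = sorted(hosts)
                break
    return flagged

def everest_renames(events):
    """File-rename events whose new name ends in .EVEREST (case-insensitive)."""
    return [ev for ev in events if ev.get("event") == "file_rename"
            and ev.get("path", "").lower().endswith(".everest")]

if __name__ == "__main__":
    evs = parse(SAMPLE)
    print("RDP fan-out:", rdp_fanout(evs))
    print(".EVEREST renames:", [(e["host"], e["path"]) for e in everest_renames(evs)])
```

The 30-minute window and three-host threshold are starting points; tune them against the normal behavior of administrative and service accounts in your environment.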
Vulnerabilities and Penetration
Potential weaknesses at Speed Advisory that the Everest group may have exploited include outdated software, insufficient network segmentation, and inadequate employee training on phishing and social engineering attacks. The group's use of RDP and compromised user accounts suggests that the attackers may have gained initial access through weak or reused passwords, unpatched software vulnerabilities, or phishing campaigns targeting employees.
Implications for Speed Advisory
The ransomware attack on Speed Advisory highlights the growing threat of cyber attacks on small to medium-sized businesses in the financial sector. The breach not only jeopardizes the sensitive financial data of their clients but also poses significant operational and reputational risks. As the company navigates the aftermath of the attack, it will need to address these vulnerabilities and strengthen its cybersecurity measures to prevent future incidents.