Pincu Barkan Hit by Everest Ransomware Data Breach
Ransomware Attack on Pincu Barkan Law Office by Everest Group
Pincu Barkan, a distinguished law office and notary service based in Ramat Gan, Israel, has recently fallen victim to a ransomware attack orchestrated by the Everest group. Known for its expertise in immigration law, particularly European citizenship and passport applications, the firm has established itself as a leader in the Israeli legal market since its inception in 2007. The firm's reputation is built on its comprehensive legal services, which include immigration, litigation, and notarial services, catering to a diverse clientele seeking legal assistance both domestically and internationally.
Attack Overview
The Everest ransomware group has claimed responsibility for the attack, which has resulted in a significant data breach. The attackers have threatened to release the compromised data within a two-week timeframe. The breach reportedly involves over 230,000 files, including sensitive information such as personal IDs, FBI crime records, and birth certificates. Sample screenshots of the stolen data have already been posted on Everest's dark web portal, underscoring the severity of the breach.
About the Everest Ransomware Group
Everest is a Russian-speaking cybercriminal organization known for its double extortion tactics, which involve encrypting victim data while threatening to leak sensitive information. The group has evolved to become an Initial Access Broker, selling unauthorized access to networks to other ransomware groups. Everest has targeted various sectors, including healthcare and government, and is notorious for its sophisticated infiltration methods, such as lateral movement and credential access.
Potential Vulnerabilities
Pincu Barkan's specialization in handling sensitive immigration and legal documents may have made it an attractive target for threat actors like Everest. The firm's reliance on digital systems for managing client information and legal documentation could have presented vulnerabilities that the attackers exploited. The breach highlights the critical need for effective cybersecurity measures to protect sensitive data, especially in sectors dealing with personal and legal information.
Penetration Tactics
While specific details of how Everest penetrated Pincu Barkan's systems remain undisclosed, the group's known tactics include using compromised user accounts and Remote Desktop Protocol (RDP) for lateral movement within networks. They also employ tools like ProcDump for credential access and Cobalt Strike for command and control communications. These methods enable the group to exfiltrate data and execute their double extortion strategy effectively.
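The two behaviours named above, RDP lateral movement by a compromised account and ProcDump used against LSASS, are detectable from standard Windows Security logs. The following is an added example (not code from the article or from Halcyon) that runs simple detections over constructed event records and correlates them per host; the account names, hosts, IPs and paths are sample data, not indicators from this incident.

```python
# Added example: detect Everest-style RDP lateral movement and ProcDump credential
# access from constructed Windows Security event records (4624 logons, 4688 process
# creation). Baseline, hosts, users and IPs below are constructed, not incident data.

# Constructed baseline: hosts each account normally reaches over RDP.
KNOWN_RDP_HOSTS = {
    "jdoe": {"FS01"},
    "svc-backup": {"BK01"},
}

def detect_rdp_lateral_movement(events, baseline=KNOWN_RDP_HOSTS):
    """Return (user, src_ip, host) for RemoteInteractive logons (4624, logon
    type 10) onto hosts outside the account's baseline."""
    alerts = []
    for e in events:
        if e.get("EventID") == 4624 and e.get("LogonType") == 10:
            if e["Host"] not in baseline.get(e["User"], set()):
                alerts.append((e["User"], e["SrcIp"], e["Host"]))
    return alerts

def detect_procdump_lsass(events):
    """Return (host, user, cmdline) for process creation (4688) where a
    procdump binary is pointed at lsass, i.e. credential dumping."""
    alerts = []
    for e in events:
        cmd = e.get("CommandLine", "").lower()
        if e.get("EventID") == 4688 and "procdump" in cmd and "lsass" in cmd:
            alerts.append((e["Host"], e["User"], e["CommandLine"]))
    return alerts

def correlate(events):
    """(user, host) pairs where the same account both RDP'd onto a non-baseline
    host and ran ProcDump against LSASS there: lateral movement followed by
    credential theft, the pattern the article attributes to Everest."""
    rdp = {(u, h) for u, _, h in detect_rdp_lateral_movement(events)}
    dump = {(u, h) for h, u, _ in detect_procdump_lsass(events)}
    return sorted(rdp & dump)

# Constructed sample events (not real incident data).
SAMPLE_EVENTS = [
    {"EventID": 4624, "LogonType": 10, "User": "jdoe", "SrcIp": "10.0.0.5", "Host": "FS01"},
    {"EventID": 4624, "LogonType": 10, "User": "jdoe", "SrcIp": "10.0.0.5", "Host": "DC01"},
    {"EventID": 4624, "LogonType": 2, "User": "jdoe", "SrcIp": "-", "Host": "WS07"},
    {"EventID": 4688, "User": "jdoe", "Host": "DC01",
     "CommandLine": r"C:\Temp\procdump64.exe -ma lsass.exe lsass.dmp"},
    {"EventID": 4688, "User": "jdoe", "Host": "DC01", "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    print("RDP to non-baseline host:", detect_rdp_lateral_movement(SAMPLE_EVENTS))
    print("ProcDump against LSASS:", detect_procdump_lsass(SAMPLE_EVENTS))
    print("Correlated (user, host):", correlate(SAMPLE_EVENTS))
```

In production the baseline would be learned from historical 4624 data and the 4688 check extended to other LSASS-access tooling; the correlation step is what separates a noisy single signal from a high-confidence alert.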