According to a post on the Dark Trance Twitter account, which updates and reports on cyberattacks, Brazil is in the crosshairs of a Russian hacker group. However, the group named Everest ransomware already claimed to have hacked the government network and put up for sale more than 3 TB of data.
“Access to the Gov Brasil network, more than 3 TB of data, is for sale. For questions, contact: [email protected],” says the ransomware group’s website.
There is no information on which Brazilian government folders the organization would have invaded, nor the type of data they have in their hands. The Everest group has a long list of victims, including companies and governments around the world, threatening to sell access to the institutions’ network and data as a form of extortion.
The Federal Data Processing Service (Serpro), the institution responsible for managing the largest database in the country with information on all Brazilian citizens, denied the attack and stated that so far there is no indication of such an invention in its databases.
“The systems developed and maintained by the company are still in full operation and, at this moment, there are no signs of cybercrime in our databases,” he said in response to Olhar Digital’s contact.
Even though Serpro has not confirmed the cyber attack on Brazil’s government systems, this would not be the first time Everest has reported attacking Brazilian federal agencies. The organization has already invaded systems of the Attorney General’s Office of the National Treasury, of the Ministry of Economy. Governments of other countries are also part of the list, such as Peru, the United States and Argentina.
Who is Everest?
It is a criminal team that breaks into systems and commercializes access to networks. They are very active and well-known in this area because of their “business model”, which has become a trend in the security sector.
What they do is collect data and encryption and then wait for the victim to pay the ransom. Otherwise, the group puts the information up for sale on the dark web, giving other hackers access to the data, which can result in the victim receiving multiple attacks at the same time.
Check out the tweet: