'Everest Group' Extorts Global Orgs via SAP's HR Tool
In addition to Coca-Cola, entities in Abu Dhabi, Jordan, Namibia, South Africa, and Switzerland are experiencing extortion attacks, all involving stolen SAP SuccessFactor data.
Stay updated on cyber extortion trends: threats, prevention tips, and incident responses. Protect your data with the latest info on digital ransom tactics.
Search across headline titles and summaries.
Background for this topic.
Extortion is coercion through threats: an attacker demands money or another concession while threatening harm if the victim refuses. In cybersecurity, this commonly involves encrypting systems and demanding payment for recovery, stealing data and threatening to publish it (often called double extortion), or threatening service disruption. The threatened harm may be real, exaggerated, or based on data the attacker did not actually obtain; payment does not guarantee data deletion, secrecy, or restoration.
Security teams should treat an extortion demand as a potential incident: preserve evidence, isolate affected systems, determine whether data was accessed, and involve legal and privacy specialists where notification or regulatory duties may apply. Offline, tested backups can reduce leverage from encryption, but they do not address stolen information. Reviewing exposed remote services, credentials, and unpatched internet-facing systems can help contain the access path, while threat intelligence may help assess the attacker’s claims and identify related activity.
In addition to Coca-Cola, entities in Abu Dhabi, Jordan, Namibia, South Africa, and Switzerland are experiencing extortion attacks, all involving stolen SAP SuccessFactor data.
An Iranian national has pleaded guilty in the U.S. over his involvement in an international ransomware and extortion scheme involving the Robbinhood ransomware
Some Patients Threatened Directly by Hackers; Center to Spend $13.5M on SecurityA Seattle cancer center has agreed to pay $11.5 million to settle a proposed class action lawsuit involving a 2023 double-extortion ransomware attack that affected 2.1 million people, with some patients directly threatened by hackers with swatting attacks if they didn't pay a ransom.
The non-ransomware extortion group has switched up tactics and victimology in a deliberate and focused campaign similar to those of other attackers focused on stealing sensitive data.
The U.S. Federal Bureau of Investigation (FBI) has warned of social engineering attacks mounted by a criminal extortion actor known as Luna Moth targeting law firms over the past two years
Teenager Charged With Stealing K-12 Student and Faculty Data, $3 Million ExtortionMassachusetts teenage college student Matthew Lane has been accused of hacking into K-12 student information system platform provider PowerSchool and holding stolen student and faculty data to ransom. Prosecutors said Lane has agreed to plead guilty to multiple charges tied to two hack attacks.