Everest, a powerful hacking group with ties to Russia, has announced a breach of the network of Crumbl Cookies, a large US bakery franchise. The attackers have already posted samples of the data and are demanding a ransom in exchange for not disclosing the personal information of 29,000 employees.
The hackers have published samples of the stolen information on their dark web site: names, emails, phone numbers, photos, dates of birth and work IDs. According to Everest, the attackers hold not only the employees' data but also their FCM tokens and internal documentation from more than 1,000 Crumbl branches in the US, Canada and Puerto Rico.
Everest did not leave the usual text message. Instead, the company was given an audio recording with instructions and a countdown to the publication of the full archive if it does not get in touch. At the time of writing, 4 days remain.

The Everest group emerged in 2021 and is linked to BlackByte, a more experienced group of attackers. In 2023–2025, Everest carried out 248 attacks, including against Coca-Cola, Mediclinic, Jordan Kuwait Bank, and the authorities of the UAE and Jordan. Everest almost never uses encryption; it relies on blackmail through the publication of parts of the leaked information.
The Crumbl case highlights a new tactic of modern ransomware groups: public pressure through leaks instead of encryption. These attacks are especially dangerous for companies with a high public profile, as the risks of reputational damage and lawsuits increase exponentially.