Everest website disappears from the darknet after unexpected deface with message from Prague

One of the central sources of information leaks of the hacking group Everest, known for its ransom attacks, suddenly disappeared from the darknet. The reason is a funny deface that replaced the list of victims with a laconic message: “Don’t do crime. CRIME IS BAD. xoxo from Prague”. Who is behind this attack is not yet known.

• The platform with data leaks, which was used by the Russian-speaking Everest group, was hacked over the weekend, and from Monday it completely disappeared from the darknet.
• At the time of the hack, the site did not have a standard banner about the law enforcement operation – as is usually the case during international special operations. Instead, there was a simple “anti-crime” message, without any hints of law enforcement agencies.

Some experts suggest that this could be an exit scam, similar to the AlphV/BlackCat incident last year, which simulated a police takeover of the site in order to secretly embezzle funds from affiliates.

However, there are currently no complaints from Everest “affiliates” on cybercrime forums, which could indicate external interference. The disappearance of the Everest site is a symptom of a larger shift in the ransomware ecosystem. While previously such groups could operate with impunity for years, today’s digital “special forces” (operations by Western governments) are forcing even the most resilient to either disappear into the shadows or resort to simulated collapse.

This incident shows that cybercrime is not invulnerable. Global pressure, declining profitability, and internal distrust make darknet groups vulnerable. And such messages from Prague – even if they are a joke – demonstrate a new phase in the fight against cybercriminals.