Daily Dark Web has published an interesting interview with Everest Group about the Collins Aerospace cyberattack that affected several airports.
In the interview, Everest disputes several claims made by Collins or in the media regarding the incident. Collins’ parent company, RTX, had described the attack as a “ransomware” incident, but Everest asserts there was no encryption involved.
Although Everest was initially known as the “Everest Ransomware Group,” the “Ransomware” part is no longer applicable to them, as they focus on exfiltrating data and extorting entities to pay them to either delete the data or not leak it.
[DataBreaches is aware that some threat actors object to their methods being described as “extortion” as opposed to “ransom,” but “extortion” is applicable.]
Everest asserts that they did not encrypt any files, had no involvement with HardBit ransomware, and were not associated with an individual who was arrested.
Everest also makes specific accusations against Collins/RTX that DataBreaches is not repeating.
You can read the whole interview on Daily Dark Web.