-
Popular ransomware group, Everest, has published negotiation logs and sensitive information because Nissan didn’t agree to their ransom demand.
-
The hackers claim they accessed Nissan’s systems using eight credential pairs that leaked in a data breach that happened 3 years ago.
-
Everest is now threatening to release all unredacted customer personal data on April 3, while also warning Nissan’s new partners like Uber and Nvidia.
Everest ransomware gang has just posted private negotiation logs and fresh data leaks on their dark web site.
For months, the hackers have been trying to get Nissan to pay ransom to recover 900GB of stolen data. But the automaker didn’t bulge. So leaking the data is probably a way to let Nissan know they’re not bluffing.
A Standoff That Started in January
This all began back in January. Everest gave Nissan five days to pay up or watch 900GB of internal data go public. Nissan didn’t pay. So the gang is now turning up the heat in a very public way.
The hackers claim the stolen data is massive. They say it includes daily customer database dumps spanning six years, auto loan records from Nissan Financial Services, dealer employee details, repair orders, wholesale invoices, and business reports.
The breach reportedly hit GCSSD Apps. These GCSSD apps refer to FTP servers that manage the Nissan and Infiniti dealer network in North America.
How did they get in? According to Everest, they used eight username and password pairs. The kicker? These credentials had been floating around in breach databases for almost three years now.
The gang found them across more than 30 separate compilations. They also claim the passwords hadn’t been changed for at least three years, and there was no multi-factor authentication in place.
Desperation Shows in the Details
This isn’t just about data anymore. Everest is trying to embarrass Nissan into paying. The gang is pointing out that this isn’t Nissan’s first security rodeo. They claim the root cause is always the same: exposed credentials on internet-facing systems.
They’re also warning that a class-action lawsuit is “virtually inevitable,” arguing that Nissan has missed all customer notification deadlines.
But here’s the thing: security researchers say the long rant on Everest’s dark web site reeks of desperation. Normally, the group just posts a list of stolen data and a few sample photos. This time, they’re posting entire negotiation logs and threatening to release everything on April 3.
The chat logs between Everest and a Nissan representative show the frustration building. In mid-March, Everest warned: “Let’s be clear: we’re holding 2.5 million people’s personal data and 900GB of your corporate data.” They stated that if this leaks, over 2.5 million lawsuits won’t just cost you money; they’ll cost billions.
This tactic of threatening to leak personal data for financial gain is being replicated at the consumer level, scammers are now sending extortion emails demanding Bitcoin payments under the threat of selling stolen data on the dark web, preying on individuals’ fear of identity theft just as Everest preys on Nissan’s fear of lawsuits.
After hearing “management is discussing” multiple times over two months, Everest snapped. They called out Nissan’s board for moving fast on a $1.5 million employee lawsuit and an Uber deal, but dragging their feet here.
The hackers even took a swipe at Nissan’s new partners. They sent a pointed message to Uber, Wayve, and Nvidia companies teaming up with Nissan on AI-powered robotaxis, saying,
“We believe you have the right to know what kind of partner you signed with.”
What’s Next?
Everest says it will release the full, unredacted customer data on April 3 if Nissan still refuses to pay. So far, Nissan hasn’t commented publicly.
For now, the company isn’t compromising its position regarding the ransom payment. However, the personal data of 2.5 million people is at stake here and Everest’s clearly running out of patience. So, the matter is becoming serious, and Nissan might have no choice but to make a move soon.
