-
According to the Everest Ransomware gang, they have acquired 1.4 terabytes worth of data from Iron Mountain. Included in this data are internal documents and very sensitive information about Iron Mountain’s customers.
-
The hackers put up proof of the folders by posting screenshots on their dark web site to support their claims; however, they have not released the actual files, which is typically done to put pressure on their victims during ransom negotiations.
-
These Russian-linked hackers have given Iron Mountain until February 11th to comply with their requests.
The Everest ransomware gang claims they stole 1.4 terabytes of Iron Mountain’s data. According to the hackers, they were able to access internal corporate files and client information, and will release this information publicly if the firm fails to comply with their demands by February 11.
Iron Mountain is a leading provider of secure data storage and information management globally and has yet to make a statement on whether or not the company has been compromised. This leaves its many clients, from movie studios to major corporations, waiting for answers.
Iron Mountain to Pay Ransom or Risk Data Leak
Everest posted the hack claims on its dark web leak site. This site is used to publicly pressure victims by showcasing stolen data. In their post, the hackers stated they accessed a massive 1.4 TB of information.
The stolen cache reportedly contains a “variety of personal documents and information of clients.” To back up their claim, Everest shared screenshots of what appears to be the compromised database.
The screenshots show lists of folder names. Many appear to be named after Iron Mountain’s clients. Others point to internal marketing and research materials. Based on the names, the exposed information could range from movie studio files to jewelry firm data.
Notably, the gang has not released any downloadable files. This tactic is common among ransomware groups. It acts as a warning shot to force the company into negotiations. A digital countdown clock on the post is set to expire on February 11th.
Why an Iron Mountain Breach is So Serious
Iron Mountain is not just another company. It is a global information fortress. Founded in a hardened former iron mine, it was built to survive a nuclear attack. Today, it is a trusted vault for the world’s most sensitive data.
The company stores everything from corporate records and legal documents to the master recordings for major music labels. Some of its secure facilities even have built-in recording studios. This ensures valuable intellectual property never has to leave the premises.
A confirmed breach here is far more dangerous than a typical corporate hack. Iron Mountain provides a safe place for its clients’ most confidential information. Hackers will be able to break into Iron Mountain and steal not just their clients’ sensitive information, but also their priceless intellectual property and official trade secrets.
The repercussions of this potential breach would be unprecedented. The devastating impact this would have on Iron Mountain’s hard-earned reputation could be catastrophic for its clients and could have severe financial ramifications for it, as well as affect the greater economy. Iron Mountain generated more than $6 billion in revenue for the year 2024 and has more than 11,000 employees working in many different countries.
A Little About the Everest Hacker Group
The group claiming credit for this attack is the notorious Everest ransomware gang. Analysts widely believe the gang operates in, or has links to, Russia. They started operating in July 2021 and have targeted many big corporations since then.
Everest has a history of targeting high-profile companies. In the last year alone, the gang has claimed attacks on electronics giant ASUS, Brazilian petroleum leader Petrobras, automaker Nissan, and McDonald’s operations in India. Most recently, Everest also claimed Under Armour as its latest victim in its ongoing global attack spree.
Their method remains consistent: they first breach networks, steal data, and then threaten to release it publicly unless victims pay large sums. The alleged attack on Iron Mountain follows this exact playbook.
What We Know Now and What’s Next
For now, Iron Mountain has not yet confirmed that the said breach happened. According to the hackers, they were able to access internal corporate files and client personal information, which means they can provide proof of their access to, and hence possession of, this information until the firm complies with their demands by February 11, 2020, or else the firm will have its data exposed publicly.
Iron Mountain, a leading global provider of secure data storage and information management, has not yet stated whether attackers compromised the company. It could be contact information, contracts, or far more sensitive material.
The situation is a waiting game. All eyes are on Iron Mountain for an official response. Meanwhile, the February 11 deadline set by the Everest gang continues to tick down.
The outcome will depend on the company’s investigation and its decision on whether to negotiate. One thing is clear. The cybersecurity world is watching closely. A successful breach of the “iron mountain” would be a symbolic and devastating win for ransomware gangs everywhere, further emboldening groups like the one that recently claimed a ransomware attack on Australian transport tracker Netstar.
