Episode: 94; Everest Ransomware
Podcast: Inside Darknet
Published: Nov 15, 2025
Duration seconds: 1254
Processing state: processed
Canonical source: https://podcasters.spotify.com/pod/show/insidedarknet/episodes/94-Everest-Ransomware-e3aul4d
Audio: https://traffic.megaphone.fm/APO5285834390.mp3
JSON: /v1/public/podcasts/inside-darknet-6682885/episodes/94-everest-ransomware
Markdown: /podcast/inside-darknet-6682885/94-everest-ransomware.md

Summary

An investigation into the discrepancy between Collins Aerospace's claim of a ransomware attack and the Everest Group's claim of a pure data breach. The episode explores the allegation that the company intentionally shut down systems to trigger insurance payouts.

Topics

  • Ransomware
  • Data Breach
  • Collins Aerospace
  • Everest Group
  • Cybersecurity
  • Infrastructure Security
  • Insurance Fraud
  • Darknet

Highlights

  • Main idea: The Everest Group claims they only exfiltrated 50GB of data and never used encryption to lock systems
  • Failure mode: Critical infrastructure reliance on outdated software and insecure FTP servers allowed for massive data theft
  • Controversy: Allegations that the company manually disabled systems to claim ransomware damages for insurance purposes
  • Practical takeaway: Data breaches involving passenger and employee PII can paralyze international travel hubs without any encryption occurring
  • Failure mode: Lack of transparency in incident response can lead to secondary, much larger-scale public distrust and chaos

Chapters

  1. 1:00 The Airport Chaos: Description of the September weekend where major European airports like Heathrow and Berlin-Brandenburg were forced into manual operations.
  2. 11:40 The Scope of the Breach: Details on the 50GB of stolen data, including passenger PII, flight data, and internal network topology.
  3. 14:40 The Everest Group's Motivation: An interview with the group discussing their operational philosophy and their decision to target systemic negligence.
  4. 19:10 The Insurance Fraud Allegation: The group's claim that the company's shutdown was a coordinated effort to trigger insurance coverage.
  5. 20:40 The Aftermath: Reflections on the impact of leaks and the group's message regarding corporate accountability.