everest

Ransomware group profile

196Victims

RussiaSource country

99Impact score

Description

Everest is a Russian-linked ransomware group that emerged in December 2020, primarily motivated by financial gain through data extortion. They specialize in collecting sensitive customer data, threatening victims with data leakage while operating under a unique model that emphasizes data leaks over traditional ransomware encryption.

Key insights

•Everest operates using double extortion tactics, encrypting data while also threatening to leak sensitive information.
•They leverage Initial Access Broker tactics, often selling or purchasing access to compromised networks.
•The group commonly uses tools like Cobalt Strike for command and control, along with remote access software to maintain their presence in victim networks.
•Data is exfiltrated before ransom demands, with threats of publishing it on dark web leak sites.
•They frequently delete access advertisements from leak sites to obscure the full extent of their activities.

Industries

Energy & Utilities Financial Services Government & Defense Healthcare Hospitality Manufacturing Other Professional Services Retail & E-Commerce Technology Transportation

Threat Level & Status Breakdown

For everest · Based on incidents in selected period

2.1threat level

Aggressiveness5/ 10

Lethality0.2/ 10

Criticality0.9/ 10

Status Breakdown

Data Leaked3.1%6

Negotiating0.5%1

Claimed95.9%188

First seenJul 2025

Last seenMay 2026

Avg ransom—

Payment rate—

Statusactive

Sophistication0

Last updatedJun 18, 2026

Recent activity

Monthly attack count for everest in the selected period

196Total attacks

30peak in Feb

17.8avg / month

↑ 4 vs first month

Intelligence

IOCs, YARA/Sigma rules, and related families for everest

2887127ea53a5363e7bda7dfbd657a7c
21d780933d9124ce4c262c005303387a9a0bd7919c46fcc51a4245f91591e933
a4352cb19d717aebb1ec6636be9e399b0b77625b989c57e3fd4bf594f4b6f801
57c8edb95df3f0ad4ee2dc2b8cfd4157
b2dcf834739342b162673e42623aaaa55eb6b5e7
577674bbdf441ac8e95f98871d2d786776ebab7a5029a01614ce51f940713774
ca988a32f138a2b748f4e2ffe505feac45296c3abe53109105a9369336f9c9d7
80be72b8fe27510e702b7038cc89a4bad022982a693ae0f9c115699d99192118
363a21c7185ba0c677cc60a7a88f541563858a5c3dcc124765238fddae5c9c50
6ebad8a16202398a84a64a37e024a7a714d3ffefcd80cb6f9f5cb2d5b2654e46
9fdb51761a71a36579ee5ec54c3abb14381342ba98c980ebdc70669de4037d75
ecbf0de324d626931a2105b2d75890e7
4bdc97cfa088f762efb785f848f15773e780cf4f4580db704fae94dbcd346ae3
109f7f23f330376e7eadc00caed5bc0783bec9421db637f7747770e3dab13e2a
6562baf6ee881256844c12793b0ba91148e176571ec59ca04450db47ee8a5a95
0cc261d7ff525a2fa346964a0af39e6aa6837fbb11dc2b1798be9119efa5c90c
599b86707d310d834b95337bc6e6fb56f0b177133531fc32bfcd0a45dbe4d5ec
95e61f016310bf3944d81940d2e08a0cac0b5c1956e84c734d25fd977f7d2047
da0f6ac0b30f8e37e9f0e25b605c3a168c1ff80357d66cd2d25bdf6c80964dc7
72996d8fbcfb8aedb31ffad924725b78f7e0bba2e186fddcfbecb9aecbf4a30f
23aa58baf7296469500f4a7c9cf691fc59286a590519a4f72575e17fd8c93e8f
6f51877eb816326303ee14526b63c902515ddcbe
9e0bb749d7fe084825a384c881cdf26dd8ae3b6a78b52487f1cf6b5475d7a1e3
53a50cc59f77cfcf5789c8847b545f3c5efaa9d12e1c971ce9c49be93a335d82
2fe1d45f4299afc6afb4bfc55cb788d43bbc0807aea36932bf9fbf2e9e2d1041
607cf6e24a8a377c9be34100fc856e769095cffc44fca4686ea9b2dfc9b483b1
8554b8b0c65ad5893eeb85086586bce89b1d5e7c4019d817922013998c0cc61d
b1b7a7618b7277104a599a9c4a0c95b1279b1535c6dbfda6f04c287eb0f4fb79
b67e74d3afc1915dc23b42feaa8511acaab7c4fbd34be12f96f82798769f51d6
1202b6eef0cc05476150e40c48c8bf20dd8ff0c8c50edceceb09078a408c9d72
a3a4835aed5130fbe67a34cbce748e859f04e9f43228847a32dbe5c43850c3e2
afb5a3167afd1c17534fdff0aa82370f60d4dd1b1c073d1b20ee9cbb3f082e16
3bdd44d55347cadb101639910006fd3fbd9f4139
926d8a222c56ae3acae3a74c325914c799e4631f4e8d2094a4e308a6db019f6f
021ef88c03aad981cde517c17b03703cf3523f5928e208faff5affc66d75a719
9ecb62824c4a6a7e1d9c35836391fcdfcc192a36742816161b0babfd368ec5a9
7406a9fc765bf2c160805e9640c30c92f59ef6b967f6df9d50b73b709e6a9e8f
34d02286f1fe0cd76d25e2e86b510bb63d397ca056ee540ea04feaaf09116f17
49ecbb637a473ec76fefa8c05811a1cc2a3c2dd44a1df0c323b14a916863d1d4
d7d0eba130b32cc1333e67c5111d13b44d6b0c847cd9dd28887641299ae85ccb
3a78e716558d5c059a66111c2d368cd387a41c6b9a87391b5646ce02cdffa3a6
2368bb29d282d222d680c4993c71b531ad015c443a128e8fa87a1345d41ed8e4
31320c915edeb10eda5cf436c6704c0e4bf6bdee4ee4f180922bd38d2a142521
605cfec4f5b4f1a505779ca9131cd103a8dfc7336481c8e995a63c5f73842a47
533a635aef8ca7337618d0888f92add26708085b95c7bf6304d1339272048a83
9991272caf667eeaf6da4bdf51a3a7d2
449aa07e46cd20e1c056a09a6b20dc3bfd4c0a78
fd16526c8423dcf62e1c5899316a5a1029e1b22ed9eb7c35f3569ce3aa96e507
d158aeb2642e77e1e55088af1a707cbed0af6d370c798ba1b6cfabe28b4973f4
b759003cd87c0ea1dbb4093381f5e6ce4358dcf2b9ac97237b80d26050e639e8
0cd7cf593a9898fe6e8f328dd769fcc04e0f8ce56ecca97f3e5e5bd0f9011459
085fc02cd551ba71909b78eb844cda123e172a6c9591345d031cf06b66d2a9e5
23ae4d68ff6e960d892753520577a497fba091956f88e2249ce6eae23aff32dc
d063af1de32fb062c8aa0bcf3d3eea3a8427f8b3d2d5e9034e3ef3e658a88208
f022d9bc7092836a91ff8b8149ffb4d08b978390bcdc6c0aafb53b7ba9f25f44
bcc8fa24e6d45c8fb7e30752af27b20fb7b4e081628bbd06e2133d88d68768fa
8ac7d2cc1eaf0f33a48fdb21f6e472c2ad823986302b06a60c23eb7878019b65
531812b315cbcb92b7324b3231f89a1565e94a7f7767cf09b15e3e0fb8b0976e
2ff45b1cd5d4babba451e01c2f4b87374d480b57195bfb2c461759094f2d5ea1
41d3a23485839d35cce433696c94ebd0dc957b8f1fb07d872945bb13eec2482f
8f15262b3c1cf560b6352fae4a5fde21
fe4db46c033d0757e3cc75d30d945a0f5b61f1cd3245c4cf95cf91db71bc98d9
0cbc3950f2e8411e4287ad8ad5f0b864428e3f485c4bc1e52b9d72d459598ab6
6bbad9a40c28bc24988b09fe52b13ba92d3200c9c2af9ab148963291d74c6324
1657720023a267b5b625de17bf292299
d57bca0b2dd3bf69b4557869f0ff4b7b2a8a1909ed752980a5654a9be6987dfc
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
33b20a5ea01635b7e59cae29acb1bdbd
e17fe4e556638c9f2edac9939b77b05c47feefdf3064325df472063330791271
12a19694bf4075b7a43b76e83727cebd0397ea8660daea06718fc60c9f11acb1
48f5a1d004bc4122536884aa3899e123d85e515877d9512d33b521e7e4188b87
4e46b2c17ab8c92c8022ccb87ec2b6e78895d4101e8b4418a5f1aeb83fc1d6f3
c000233f275ef48273c7609714b6534baba89fa5f81058748ad3f51376501c62
48909011b1a846e44241423d113128d160ce084c9bea2f356cb4257e1ba89494
b99216b5d914b9d750d99d2191eb57693c7452064b34c2df08ac2accdda3112b
74e34478ca149793deae83c92af01c97eaf7f7bc
e4428a24102ddc99397662a7c02a5f293a39c0ef3cac85c98b8dee2865fab0b1
88186dc6b1da144b2e02a8a52441fc8ff5ef6995a0564e0ac6b05da6adbe6dd4
fd698b58a563816b2260bbc50d7f864b33523121
a054c9636851f55c365e3e014e2656e54bedc7d0b0363cb59b0724a7eec2df15
4cde4405bd777acceebae3934a47d3d79d08446ce717328d40353877766e38e7
e542c61ac26e366537d89ad2fbd8c5f448d440b4ff2174d10045c02197aa6bce
4ab2a930aca0426b4766ab02d0802e90316dee030c1fa14e5f5f0d6d25253b93
b2aa5282fc8b33ef704953a7617c13328a1efaa8077d0e8aa13a20f568f8a5b6
bedc585713eeded5f7374113ac4fc28234a6affe02326dd2b386e54040b766e7
b80889a2a1a85ecbaa40562c900f3358f99f4205c3c05d7c132ccdce43523bfa
d6e90a501b1d7d50197d9fa4c3d40efc7356f13dd50b8629fd3946d3cad7d463
271ca4650c870b581df440d114212ff218d67146
1ebbb5850ff6435351b774d425c0d345d8bc3024
d6187ae4d5612a22876976cefb8a7d9bd7b856bc
7c4820d8f4b4dc3e27dbe9f5e658c46f
422303e6f7b5ae3f961d0cbfdb65ab68986ca84286563c118e7bd99189af48d7

View full IOC feed500 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for everest

CVE-2024-55591

CVE-2024-21762

CVE-2017-18368

Other

T1486

T1490

T1078

T1562

T1021

T1046

T1059

T1003

T1021.001

T1105

T1203

T1563

Victims(196)

Company	Domain	Country	Industry	Status	Discovered
Asopagos S.A.	—	CO Colombia	Financial Services	Claimed	22 days ago
ЕРМ	—	CO Colombia	Professional Services	Claimed	22 days ago
Spedition Kern	—	DE Germany	Transportation	Claimed	22 days ago
Advanced Psychiatry Associates	—	US United States	Healthcare	Claimed	22 days ago
Sidra Kuwait Hospital	—	KW Kuwait	Healthcare	Claimed	22 days ago
VVO Finance	—	DE Germany	Financial Services	Claimed	22 days ago
AKM	—	JP Japan	Government & Defense	Claimed	22 days ago
TransferZ	—	US United States	Transportation	Claimed	22 days ago
L&P Aesthetics	—	US United States	Retail & E-Commerce	Claimed	22 days ago
Citizens Bank - Database Leaked	—	US United States	Financial Services	Claimed	about 1 month ago
Studio Marchi - Studio Professionale Associato - Database Leaked	—	IT Italy	Professional Services	Claimed	about 1 month ago
Evaluate a Norstella company - Database Leaked	—	US United States	Technology	Claimed	about 1 month ago
Rehab Clinics Group Ltd	—	GB United Kingdom	Healthcare	Claimed	about 1 month ago
K Subsea Group - Database Leaked	—	NO Norway	Energy & Utilities	Claimed	about 1 month ago
Tokoparts - Database Leaked	—	ID Indonesia	Retail & E-Commerce	Claimed	about 1 month ago
Super AI - Database Leaked	—	US United States	Technology	Claimed	about 1 month ago
Nutrabio - Database Leaked	—	US United States	Manufacturing	Claimed	about 1 month ago
Complete Aircraft Group - Database Leaked	—	—	Manufacturing	Claimed	about 1 month ago
Studio Marchi - Studio Professionale Associato	—	IT Italy	Professional Services	Claimed	about 2 months ago
Fiserv	fiserv.com	US United States	Financial Services	Claimed	about 2 months ago

Page 1 of 10

Affected countries(61)

Countries where this group has been reported to target or leak victims.

🇦🇪United Arab Emirates 🇦🇷Argentina 🇦🇹Austria 🇦🇺Australia 🇧🇪Belgium 🇧🇬Bulgaria 🇧🇷Brazil 🇨🇦Canada 🇨🇭Switzerland 🇨🇱Chile 🇨🇳China 🇨🇴Colombia 🇨🇿Czech Republic 🇩🇪Germany 🇩🇴Dominican Republic 🇪🇬Egypt 🇪🇸Spain 🇫🇮Finland 🇫🇷France 🇬🇧United Kingdom 🇬🇷Greece 🇭🇰Hong Kong 🇭🇷Croatia 🇭🇺Hungary 🇮🇩Indonesia 🇮🇪Ireland 🇮🇱Israel 🇮🇳India Iran, Islamic Republic of 🇮🇹Italy 🇯🇴Jordan 🇯🇵Japan Korea, Republic of 🇰🇼Kuwait 🇱🇻Latvia 🇲🇽Mexico 🇳🇦Namibia 🇳🇬Nigeria 🇳🇱Netherlands 🇳🇴Norway 🇳🇿New Zealand 🇵🇦Panama 🇵🇪Peru 🇵🇱Poland 🇵🇹Portugal 🇶🇦Qatar 🇷🇴Romania 🇷🇸Serbia Russian Federation 🇸🇦Saudi Arabia 🇸🇪Sweden 🇸🇬Singapore 🇸🇳Senegal 🇹🇭Thailand 🇹🇷Turkey Taiwan, Province of China 🇺🇦Ukraine 🇺🇸United States 🇻🇳Vietnam 🇿🇦South Africa 🇿🇼Zimbabwe