The Everest ransomware group claims to have breached multiple organizations across the global financial, aviation, automotive, and retail sectors. The group has recently updated its extortion portal with large troves of highly sensitive corporate and customer data, initiating countdown timers for public release.
The latest list of alleged victims posted by the group includes:
-
Frost Bank (🇺🇸): A prominent United States-based financial institution.
-
Citizens Bank (🇺🇸): A major United States-based financial institution and retail bank.
-
Tokoparts (🇮🇩): An Indonesian automotive parts and supply chain company (PT Suku Cadang Oto Sejahtera).
-
Complete Aircraft Group (🇬🇧): A global aviation services, parts, and maintenance provider.
-
Umiles Group (🇪🇸): A Spanish unmanned aerial systems (drone) and aviation services company.
-
Nutrabio (🇺🇸): A United States-based dietary supplement manufacturer and distributor.
According to the actor, the allegedly compromised data includes over 380 gigabytes of files and millions of database records. The exposed information encompasses:
-
Over 250,000 Social Security Numbers (SSNs) and Taxpayer Identification Numbers (TINs)
-
Approximately 3.4 million banking processing records, including full names, physical addresses, and account numbers
-
Unencrypted credit card authorization forms containing full card numbers, CVV codes, expiration dates, and billing addresses
-
Corporate financial reporting, general ledgers, budgets, and tax declarations
-
Aviation maintenance records, logbooks, and engine borescope inspection videos
-
Employee and pilot personal data, including national ID card scans (DNI, KTP), passports, and medical certificates
-
Customer databases, non-disclosure agreements (NDAs), and commercial purchase agreements
-
Complete corporate email archives (.pst files) and screen recordings of operational workflows
