Threat Group Profile
everest
Dormant / historical
Victim claims
27
First seen
Apr 2026
Last activity
29 May 2026
Tracked since
โ
Group overview
Everest ransom group collects and analyzes information about their victims. They specialize in customer privacy data, financial information, databases, credit card information, and more. The Everest ransom group leaks the victim's data to the darknet and they announced that any victim that will not contact them will suffer from a data leak and they will not delete hist files for future usage.
Preferred targets
Financial Services ยท 6
Business Services ยท 5
Healthcare ยท 4
Transportation/Logistics ยท 2
Technology ยท 2
Manufacturing ยท 2
Most targeted countries
US ยท 12
DE ยท 3
JP ยท 2
ID ยท 2
SG ยท 1
KW ยท 1
Tactics & techniques (MITRE ATT&CK)
Stealth
Obfuscated Files or Information
Obfuscated Files or Information: Dynamic API Resolution
Valid Accounts: Local Accounts
Modify Registry
Deobfuscate/Decode Files or Information
Execution Guardrails
Hide Artifacts
Debugger Evasion
Discovery
Remote System Discovery
Network Share Discovery
Software Discovery: Security Software Discovery
System Location Discovery: System Language Discovery
Lateral Movement
Remote Services: SMB/Windows Admin Shares
Command and Control
Application Layer Protocol: Web Protocols
Impact
Data Encrypted for Impact
Service Stop
Inhibit System Recovery