everest

Known ransomware group ACTIVE

Active · high-tempo

Everest is a Russian-speaking extortion group active since 2020 that combines ransomware with initial-access brokering, sometimes selling network access rather than deploying encryptors. It has targeted government, healthcare, and industrial victims.

Total Claims

Critical

—

Records Claimed

Industries Hit

Active span: Apr 13, 2026 – May 28, 2026 · 17 organizations targeted

Active · high-tempo

Actor Threat Profile

Activity Timeline

Peak: May 2026 (10)

Apr 2026

LessMore

May 2026

Share this profile

Top Targeted Industries

Healthcare 4

Financial Services 4

Business Services 4

Technology 1

Manufacturing 1

Agriculture and Food Production 1

Tradecraft & Infrastructure

Documented tools

5 / 17

MITRE tactics / techniques

Known leak sites

CredentialTheftDiscoveryEnumOffsecRMM-Tools

Full intelligence profile on ransomware.live →

Targeted Organizations

L&P Aesthetics Advanced Psychiatry Associates Sidra Kuwait Hospital VVO Finance Rehab Clinics Group Ltd Studio Marchi - Studio Professionale Associato Fiserv TSYS Epiq Global Symcor Super AI Citizens Bank Complete Aircraft Group Nutrabio Tokoparts Umiles Group K Subsea Group

everest

Activity Timeline

Share this profile

Top Targeted Industries

Tradecraft & Infrastructure

Targeted Organizations

Claims by everest

Ransomware Claim: L&P Aesthetics

Ransomware Claim: Advanced Psychiatry Associates

Ransomware Claim: Sidra Kuwait Hospital

Ransomware Claim: VVO Finance

Ransomware Claim: Rehab Clinics Group Ltd

Ransomware Claim: Studio Marchi - Studio Professionale Associato

Ransomware Claim: Fiserv

Ransomware Claim: TSYS

Ransomware Claim: Epiq Global

Ransomware Claim: Symcor

Ransomware Claim: Super AI

Ransomware Claim: Citizens Bank

Ransomware Claim: Complete Aircraft Group

Ransomware Claim: Nutrabio

Ransomware Claim: Tokoparts

Ransomware Claim: Umiles Group

Ransomware Claim: K Subsea Group

Never Miss a Critical Alert