The Everest ransomware cartel claims responsibility for the Rezayat Group data leak. The Saudi-based industrial conglomerate appeared on the gang’s leak site, where the group showcases compromised victims.

Rezayat Group manages 25 companies involved in logistics, engineering, and manufacturing. It employs over 20,000 staff members and operates across 13 countries.

What the Hackers Claim to Have Stolen

Everest says it has exfiltrated 10GB of internal data. While the full dataset remains unreleased, the attackers shared several screenshots as proof. These included:

  • Business contracts with external partners
  • Internal company reports
  • Technical drawings linked to industrial facilities

Cybernews researchers reviewed the leak and confirmed that the files appear legitimate. Some documents contain sensitive client data. Others suggest detailed engineering designs, which could be used in targeted follow-up attacks.

Analysts noted that the Rezayat Group data leak may damage the company’s client relationships and increase the risk of supply chain exploitation.

Pressure Tactics in Ransomware Attacks

Releasing samples is a common tactic used by ransomware gangs. These small leaks aim to increase pressure on the victim. If the target refuses to negotiate, attackers typically continue to publish more sensitive data.

Although Everest claims to hold 10GB of stolen information, there’s currently no way to confirm the full extent of the breach. Still, the presence of valid documents suggests the group had significant access to the company’s internal systems.

Everest’s Track Record and Tactics

Everest ransomware has been active since 2021 and is linked to the BlackByte cybercrime group. The cartel is known for targeting high-value organizations. Notable past incidents include:

  • Mediclinic – a $5 billion global hospital chain
  • Coca-Cola – with stolen employee records and private files
  • AT&T – where attackers allegedly accessed the full internal network

The gang uses stolen credentials and Remote Desktop Protocol (RDP) to move laterally across networks. According to dark web trackers, Everest listed over 100 victims in the past year alone.

Middle Eastern Organizations Under Fire

Cybersecurity experts believe cybercriminals are increasingly targeting the Middle East. Industrial firms, in particular, are viewed as lucrative targets. The Rezayat Group data leak fits a broader pattern of ransomware cartels focusing on regional infrastructure, supply chains, and multinational corporations.


Conclusion

The Rezayat Group data leak underscores how ransomware groups are evolving in strategy and scope. By targeting a key industrial player in the Middle East, Everest reinforces its status as one of the most aggressive threat actors on the dark web. While Rezayat has yet to respond, the leak raises serious concerns about data security, regional targeting, and the growing pressure placed on critical infrastructure providers worldwide.

