Ransomware Group: EVEREST

VICTIM NAME: Jamjoom Pharma

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the EVEREST Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Jamjoom Pharma, a prominent pharmaceutical company headquartered in Jeddah, Saudi Arabia, operating within the healthcare industry. The attack was confirmed to have occurred on May 1, 2025, and was publicly disclosed shortly thereafter on May 2, 2025. The breach resulted in the compromise of sensitive internal data, although specific PII has been redacted to maintain confidentiality. The leaked information suggests that the attackers targeted employee credentials and company data using various infostealers like Raccoon and RedLine, which are known for collecting user information and facilitating data exfiltration. The attack appears to have been orchestrated by a group called Everest, which is associated with the leak.

The leak page includes a screenshot showing internal documents and data samples, indicating that attackers gained access to the company’s systems and exfiltrated operational information. The breach impacts a company with approximately four employees actively involved in operations and third-party connections, reflecting its operational scope. No additional press releases or public statements are available at this time. The leak exposes the potential risk to both domestic and international markets due to the company’s focus on prescription drugs and over-the-counter products across multiple therapeutic areas. The incident highlights ongoing cybersecurity challenges faced by healthcare companies, emphasizing the importance of robust data protection measures.