Ransomware Group: EVEREST

VICTIM NAME: Khidmah

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the EVEREST Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page reports a cybersecurity incident targeting Khidmah LLC, a prominent real estate services provider based in Abu Dhabi, United Arab Emirates. The attack was discovered on May 8, 2025, with the incident formally claimed shortly afterward. Khidmah specializes in a wide range of property management services, including leasing, facilities management, and maintenance for residential, retail, and commercial clients. The leak indicates that sensitive data from the company may have been compromised, although specific details about the nature of the leaked information are not provided. The page includes a screenshot of what appears to be internal documentation, highlighting the seriousness of the breach.

The incident’s timeline suggests that the attacker updated or modified some aspects of their exposure shortly after discovery. The breach was publicly linked via a dark web portal, providing a claim URL for further information access. The leak page emphasizes the company’s activity within the Business Services sector in the AE region and underscores the potential impact on operations and client confidentiality. While no explicit data files or download links are readily visible, the presence of a detailed screenshot indicates the attacker’s intention to demonstrate access to internal company information. The attack underscores the ongoing cybersecurity threats faced by organizations in the real estate and property management fields.