Ransomware Group: EVEREST

VICTIM NAME: New American Funding

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the EVEREST Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a financial services organization identified as New American Funding, a mortgage lending company based in the United States. The breach was discovered and publicly announced on July 15, 2025, with the attack date recorded as July 15, 2025, at approximately 21:13 UTC. The leak involves sensitive data from the company, which is a prominent player in mortgage financing, offering various loan options such as FHA, VA, HARP, and Conventional loans. The organization has a nationwide presence and is recognized for its technological innovation and commitment to equitable housing, making this leak potentially significant for stakeholders and clients. No specific compromised internal systems or PII are detailed in the public leak, but the event suggests a serious data breach likely exposing confidential information.

The leak page includes a screenshot of internal data or communications related to the company, underlining the severity of the breach. The perpetrators have released the claim URL, which directs to a dark web page dedicated to the incident, indicating an active and organized extortion or disclosure campaign. The breach is attributed to a group named Everest, emphasizing that this is part of broader malicious activities aimed at financial institutions. Although explicit details about the specific data compromised are not provided, the leak’s publication signals a significant security incident with potential implications for customer and corporate data security. The event underscores the critical importance of cybersecurity vigilance within the financial sector to mitigate such risks in the future.