Ransomware Group: EVEREST

VICTIM NAME: Matiss

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the EVEREST Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

Matiss, a Latvia-based automation and robotics company described as serving multiple sectors including food processing, packaging, and logistics, is presented on the leak page as a victim of a ransomware incident. The page frames Matiss as having been breached and attributes the attack to the Everest group. The post date is August 17, 2025 (time 23:14:15). Since no explicit compromise date is provided, this date is treated as the post date. The leak page features 11 attached images that appear to be screenshots of internal materials and a claim link indicator suggesting the attackers are offering proof or a pathway to validate their claim. The page’s framing aligns with a data-exfiltration or data-leak scenario common in double-extortion ransomware campaigns, though the metadata does not explicitly label whether encryption or data loss occurred.

In terms of content and evidence, the metadata does not disclose a ransom amount or explicit encryption claim. The page centers on Matiss’s automation capabilities—robotic pick-and-place systems, conveyors, and sorting systems—across sectors such as food processing, packaging, and logistics. Latvia is listed as the country in the metadata. The leak includes 11 image attachments, described only as screenshots of internal materials, with no direct links included in this summary. All URLs in the source data are defanged, and any non-English material present has been translated into neutral English. The description identifies the victim by name and confirms the post date, while no other company names are emphasized in the narrative beyond the victim and the attacker group.