Ransomware Group: EVEREST

VICTIM NAME: MYVISAJOBS[.]COM

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the EVEREST Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 14, 2025, Everest, a ransomware threat group, published a leak page targeting MYVISAJOBS[.]COM, a United States-based technology platform that assists international students and professionals seeking work opportunities and visa sponsorship in the United States. The post frames the incident as a data leak rather than a traditional encryption event, asserting that data has been exfiltrated from MYVISAJOBS[.]COM’s networks and could be released publicly or used for extortion. A claim URL is included on the page, signaling a negotiation or verification mechanism consistent with double-extortion campaigns. The page identifies the victim as operating in the Technology sector in the United States; no explicit ransom figure is disclosed in the metadata.

The leak page features 11 image attachments, described in general terms as screenshots or internal documents intended to illustrate the breach, though the contents of those images are not detailed in the excerpt. The images appear to be hosted on a dark-web onion service, which aligns with the typical infrastructure of ransomware leak sites. The body excerpt on the page simply repeats the victim’s domain, MYVISAJOBS[.]COM, reinforcing the focus of the posted materials. In the absence of a published monetary demand in the provided data, the post may indicate that further data disclosures or negotiations are planned, consistent with common ransom extortion tactics.

Overall, the incident highlights the ongoing risk ransomware campaigns pose to technology platforms that facilitate visa information and employment processes. The combination of a data-leak claim, the presence of multiple image attachments, and a ransom- or extortion-oriented post signals a potential data exposure for the victim, with the Everest group asserting control over the published materials as of the post date: August 14, 2025.