[EVEREST] – Ransomware Victim: AGFA

AI Generated Summary of the Ransomware Leak Page

AGFA is identified as the victim on the leak page associated with the Everest threat group. The post presents AGFA as a multinational technology company that develops, manufactures, and distributes analogue and digital imaging systems and IT solutions. It lists four divisions—health care, graphic systems, materials, and glass—and notes a long corporate history dating back to 1867 in Berlin. The metadata indicates Belgium (BE) as the country. The post date is 2025-11-10 22:18:55.379175; since a compromise date isn’t provided in the data, this timestamp is treated as the post date. A claim URL is indicated as present on the leak page, suggesting an attacker-provided statement or ransom note. The page contains two image assets, hosted on an onion service, and there are no downloads or additional files listed in the provided data. The exact impact (e.g., encrypted systems vs. data leak) or any ransom amount is not specified within the available fields.

The two image assets referenced by the page are described in the metadata as images, implying media accompanying the post rather than a catalog of downloadable files. The images appear to be hosted on an onion domain, with filenames prev[.]png and next[.]png, which suggests a simple image carousel rather than substantive document previews. For safety, the onion links are defanged here as and The page’s claim URL presence aligns with common ransomware leak patterns, but the provided data do not include explicit figures on encryption status, data exfiltration, or a ransom demand. The victim name AGFA remains the focal point of this summary, while other company names mentioned in the leak page’s text are not reiterated here.