[EVEREST] – Ransomware Victim: Air Arabia

AI Generated Summary of the Ransomware Leak Page

Air Arabia, the United Arab Emirates–based low-cost airline, is identified in the leak post as a ransomware victim associated with the Everest group. The airline operates from Sharjah and serves more than 170 destinations across the Middle East, North Africa, Asia, and Europe. The leak metadata classifies Air Arabia’s industry as Transportation/Logistics and notes that a claim URL is present on the page, though the actual post content is not provided in the data. The post date is 2025-10-25 18:42:43.761108, and in the absence of a documented compromise date, this timestamp should be treated as the post date. The metadata does not specify an explicit impact (such as data encryption or data leakage) or any ransom amount.

Visually, the leak page contains no screenshots or embedded images according to the record; there are zero images and no downloadable attachments. The annotations show no images or links in the entry, and the only outward signal of additional information is a claim URL that is indicated as present. The accompanying description field for Air Arabia is AI-generated and presents a generic corporate profile rather than an excerpt from the leak’s actual content.

Taken together, the entry confirms Air Arabia as a ransomware victim connected to Everest, with the post date noted above. The data provided does not reveal the attack’s impact type, any ransom figure, or a compromise date, and there are no visible materials on the page to corroborate a data exfiltration or encryption event. Ongoing monitoring of the leak site and corroborating threat intelligence would be prudent to determine whether additional disclosures or ransom communications are published by Everest.