[EVEREST] – Ransomware Victim: Air Arabia DataBase on sale for $2 Million

AI Generated Summary of the Ransomware Leak Page

On 2025-10-25, a leak page associated with the Everest ransomware group references a victim named Air Arabia DataBase on sale for $2 Million. The page frames the incident as a data-leak sale rather than a traditional encryption event, aligning with ransomware operators’ double-extortion approach. The post asserts that Air Arabia’s database has been exfiltrated and is being offered for sale for two million USD. The metadata shows no disclosed industry, country, or official website details for the victim (the industry field is not found), and a claim URL is indicated on the leak page, though the actual address is not included in this transcription. Since a compromise date isn’t provided, the 2025-10-25 post date is used as the timeline reference. The entry does not specify data types, volume, or encryption status beyond the sale claim.

The leak page includes two image assets, which appear to be screenshots or visual references related to internal documents or data; the exact contents of these images are not described here. There is no indication of downloadable files within the page (downloads_present is false), and the metadata highlights a claim URL presence without displaying the address. The combination of a stated sale price and a claim URL is consistent with extortion-style leakage tactics, though the page provides limited detail about the dataset, its scope, or the specific data types involved. The victim’s name remains the focal point of the entry, while other company identifiers are not elaborated in the transcript.