[EVEREST] – Ransomware Victim: Collins Aerospace / RTX[.]com

AI Generated Summary of the Ransomware Leak Page

On October 17, 2025, a ransomware leak post attributed to the Everest group publicly identifies Collins Aerospace / RTX.com as a victim in the United States manufacturing sector. The page describes Collins Aerospace as a leader in advanced aerospace and defense solutions and notes the company’s history as a 2018 merger between UTC Aerospace Systems and Rockwell Collins. The post carries an AI-generated label, indicating the description text was produced by automation rather than a human-authored briefing. It also notes the presence of a claim URL for readers to review the attackers’ statements and includes two images as part of the post. Because no compromise date is provided in the dataset, the timestamp is treated as the page’s post date.

The metadata confirms two image assets accompany the post, while there is no explicit indication of encryption, exfiltration, or ransom figures in the available fields. The impact field is empty, so the post does not clearly classify the incident as an encryption event or a data leak based on the provided data. A claim URL is present, which suggests the attackers offer a public statement or justification, but the dataset does not include any disclosed ransom amount. The Everest attribution aligns with the actor’s typical leak-page pattern. The summary centers on Collins Aerospace as the victim; other company names mentioned in the content are not reproduced here, and any non-public contact details are redacted.