[EVEREST] – Ransomware Victim: DAT AUTOHUS AG

image

Ransomware Group: EVEREST

VICTIM NAME: DAT AUTOHUS AG

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the EVEREST Onion Dark Web Tor Blog page.


AI Generated Summary of the Ransomware Leak Page

DAT AUTOHUS AG, a German vehicle retailer, is identified as the victim on the ransomware leak page. The post is dated August 6, 2025. The accompanying description describes the company as selling new and used vehicles and offering financing, leasing, insurance, and maintenance services. The leak page contains 11 screenshots, presumed to be internal documents, and a claim URL is present, indicating a ransom-extortion element associated with the disclosure. The body excerpt on the page lists only the victim’s name, with no additional narrative text. The available metadata does not clearly assign an industry beyond the described vehicle-retailer profile, and precise address details have been redacted in this summary. There are no downloadable files indicated in the provided data.

From a threat-intelligence perspective, the combination of internal-document-style images and a ransom-claim link is consistent with ransomware data-exfiltration and extortion activity. The exact compromise date is not disclosed; the post date August 6, 2025 serves as the published timestamp in the absence of a stated breach date. The 11 images suggest exposure of sensitive internal information, which could pose risks to the company’s operations, partners, and customers if any of the materials are released publicly. The metadata does not specify an encryption status or a disclosed ransom amount, so the exact impact remains unclear from the available data. This layout—victim name, multiple internal-document images, and a ransom-related link—fits common ransomware-leak post patterns observed in the industry.


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

To keep up to date follow us on the below channels.