Ransomware Group: EVEREST

VICTIM NAME: iPROMOTEu

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the EVEREST Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page concerns the US-based service provider known as “iPROMOTEu,” which operates within the Business Services sector. Established in 1999, the company offers various services such as order financing, supplier negotiation, and business development aimed at promotional product distributors. Based on available information, the breach was discovered on July 31, 2025, with the attack reportedly occurring on July 25, 2025. The publicly leaked data indicates that malicious actors have gained access to the company’s internal systems, potentially compromising sensitive operational details. The leak may include confidential files, internal communications, or data relevant to their business operations.

The leak page contains a screenshot of what appears to be an internal document or system interface, which may serve as evidence of the breach. No personally identifiable information or client-specific data is openly disclosed in the available content, suggesting an effort to sanitize or redact sensitive details. Download links or data files potentially exposed in the breach, such as internal reports or correspondence, are referenced but not explicitly described. The incident underscores the importance of cybersecurity vigilance in service industries, especially those handling client data and financial transactions. The attacker’s claims and the scope of the compromised information are still under assessment.