[EVEREST] – Ransomware Victim: Mediclinic Group

Ransomware Group: EVEREST

VICTIM NAME: Mediclinic Group

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the EVEREST Onion Dark Web Tor Blog page.


AI Generated Summary of the Ransomware Leak Page

The ransomware leak page reports a cybersecurity incident involving the Mediclinic Group, a prominent healthcare provider based in South Africa with international operations. The attack was discovered on May 26, 2025, and the breach is associated with the Everest threat group. The breach potentially involves the exfiltration of sensitive information, including internal data related to hospital operations and patient care. The incident affects the company’s online presence, notably their official website, and includes leaked screenshots of internal documents. The leak may also expose data linked to employee information and other internal resources, although no specific Personally Identifiable Information (PII) has been publicly detailed. The attack highlights vulnerabilities in healthcare cybersecurity defenses and underscores the importance of robust protective measures in the sector.

The leak page features a screenshot of internal documents, suggesting the attackers gained access to internal systems. No specific download links or data files are detailed publicly, but the presence of screenshots indicates data exfiltration. The breach is associated with several infostealer tools, which have compromised a range of user and employee data. The event’s technical details include the involvement of several malicious software tools known for stealing sensitive information. The incident’s timeline shows an update to details about the target country and website, reflecting ongoing investigations or data remediation efforts. Overall, this ransomware event underscores the critical need for healthcare organizations to enhance cybersecurity measures against evolving cyber threats.

