ZeroFox Intelligence Flash Report - Everest Continues to Tout Prominent Brands in Latest Disclosures

ZeroFox Intelligence Flash Report - Everest Continues to Tout Prominent Brands in Latest Disclosures

Product Serial: F-2026-02-06a

TLP:CLEAR

In this Flash report, ZeroFox researchers report on the ransomware and digital extortion collective known as Everest, and the group's recent alleged victims announced on its leak site.

Standing Intelligence Requirements

For the most up-to-date list of ZeroFox’s Intelligence Requirements, please visit:

https://cloud.zerofox.com/intelligence/advisories/14956

Link to Download

View the full report here

Key Findings

• On February 2, 2026, a ransomware and digital extortion (R&DE) collective known as “Everest” announced an alleged data breach of Iron Mountain on its victim leak site. ZeroFox assesses Everest has very likely overstated the volume and sensitivity of the breach in order to increase pressure on the victim to comply with its extortion demands.
• Everest is a Russian-language collective offering ransomware-as-a-service (RaaS) that has conducted at least 286 separate R&DE incidents since ZeroFox first observed the group in 2021. In light of sensitive reporting, ZeroFox assesses Everest has likely exaggerated the quantity and quality of its alleged victim data—and in some cases fabricated it entirely.
• Everest is the tenth most prominent R&DE collective thus far in 2026 in terms of number of published alleged victims; the group has primarily targeted North America-based entities and organizations in the healthcare sector. However, given Everest’s historical tendency to overstate its exfiltrations, ZeroFox assesses it is unlikely their latest claims regarding the Iron Mountain breach are credible.