Umiles Group Ransomware Claim by Everest (April 2026)
Unverified dark web claim. This report is based on a post observed on a dark web forum. Yazoul Security has not independently verified the authenticity of this claim.
[Leak site screenshot: captured at time of discovery; image blurred to protect victim PII.]
Claim Summary
The Everest ransomware group has allegedly added Spanish technology and services company Umiles Group to its data leak site. The group claims to have executed an attack on April 20, 2026. According to the threat actor’s post, the compromised data relates to Umiles Group’s core business in drone operations, urban air mobility, and advanced aerial solutions for sectors like logistics, inspection, and emergency response. The exact volume of data allegedly stolen has not been disclosed by the group.
Threat Actor Profile
Everest is an established ransomware-as-a-service (RaaS) operation with a significant track record, having claimed hundreds of victims historically. The group is known for employing a double-extortion model, stealing data before encryption to pressure victims into paying a ransom. According to threat intelligence references, including a detailed profile from the Health-ISAC, Everest actors are known to utilize a suite of common offensive tools. These have reportedly included ProcDump for credential access, SoftPerfect NetScan for network reconnaissance, and frameworks like Cobalt Strike and Metasploit for exploitation and persistence. Remote administration tools like AnyDesk, Atera, and Splashtop are also commonly used by the group for lateral movement and control.
Alleged Data Exposure
Based on the group’s description, the stolen data purportedly pertains to Umiles Group’s specialized operations in unmanned aerial vehicle services. This could theoretically include sensitive information related to client projects, operational protocols for drone flights, technical specifications, internal training materials, and data concerning the development of regulatory frameworks for European airspace. The broad nature of the description suggests a potential compromise of intellectual property and business-critical information, though no specific data samples or file lists have been provided publicly to substantiate the claim.
Potential Impact
If verified, a breach of this nature could have serious consequences for Umiles Group. The alleged theft of proprietary technology data, client information, and operational details could undermine competitive advantage and client trust. Given the company’s work in sectors like surveillance and emergency response, a leak could also raise safety and regulatory concerns. Furthermore, the exposure of internal frameworks and training programs could facilitate future targeted attacks against the company or its partners.
What to Watch For
Organizations, particularly in the technology and aviation services sectors, should monitor for any emergence of the allegedly stolen data on other cybercriminal forums. Security teams should review detection capabilities for Everest’s known toolset, including the network scanning and remote access tools mentioned. While specific YARA rules were not detailed in the provided reference, the linked HC3 profile may contain actionable indicators of compromise (IOCs) and detection guidance that organizations can leverage for defensive hunting.
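As an added illustration, not part of the original report or of the Health-ISAC profile it cites, the Python script below shows one way a security team could hunt for the Everest toolset named above in process-creation telemetry. The key=value log format, hostnames, usernames and the sanctioned-host allowlist are all constructed for the example; the process image names are assumptions based on each tool's default binary and must be validated against your own telemetry. Cobalt Strike and Metasploit are deliberately left out because their artifact names are operator-controlled. Every tool listed is dual-use, so a single match is a hunting lead rather than a verdict; the script only escalates hosts where several tool categories cluster.

```python
"""Hunting aid for the Everest toolset (ProcDump, SoftPerfect NetScan,
AnyDesk, Atera, Splashtop) over process-creation log lines.

Added example; log format, hosts, users and allowlist are constructed.
"""
import re
from collections import defaultdict

# Tool category -> lower-cased image (binary) names. These names are assumptions
# drawn from the tools' default executables, not indicators published in the
# report; validate them against your own telemetry before relying on them.
TOOLSET = {
    "credential_access": {"procdump.exe", "procdump64.exe"},
    "network_recon": {"netscan.exe"},
    "remote_access": {"anydesk.exe", "ateraagent.exe", "srserver.exe"},
}
# Cobalt Strike and Metasploit are absent on purpose: their artifact names are
# operator-controlled, so image-name matching is not a useful signal for them.

# Hosts where remote-administration tools are sanctioned (constructed example).
SANCTIONED_RMM_HOSTS = {"WS-IT-02"}

# Constructed process-creation records in a simple key=value format.
SAMPLE_LOGS = [
    'ts=2026-04-20T08:01:10Z host=WS-FIN-07 user=a.perez image=C:\\Windows\\System32\\svchost.exe',
    'ts=2026-04-20T08:03:44Z host=WS-FIN-07 user=a.perez image=C:\\Users\\a.perez\\Downloads\\netscan.exe',
    'ts=2026-04-20T08:09:12Z host=WS-FIN-07 user=a.perez image=C:\\Temp\\procdump64.exe',
    'ts=2026-04-20T08:15:30Z host=SRV-FILE-01 user=svc_backup image="C:\\Program Files\\AnyDesk\\AnyDesk.exe"',
    'ts=2026-04-20T09:00:00Z host=WS-IT-02 user=helpdesk image="C:\\Program Files (x86)\\ATERA Networks\\AteraAgent\\AteraAgent.exe"',
]

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_log_line(line):
    """Parse one key=value record into a dict; quoted values may contain spaces."""
    return {key: value.strip('"') for key, value in _KV.findall(line)}


def classify_image(image_path):
    """Return the toolset category for an image path, or None if it is not in TOOLSET."""
    base = image_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    for category, names in TOOLSET.items():
        if base in names:
            return category
    return None


def hunt_everest_tooling(lines, sanctioned_rmm_hosts=frozenset()):
    """Return every record whose image matches the toolset.

    Remote-access matches on hosts where RMM software is sanctioned are
    suppressed so that routine helpdesk activity does not drown the hunt.
    """
    hits = []
    for line in lines:
        rec = parse_log_line(line)
        category = classify_image(rec.get("image", ""))
        if category is None:
            continue
        if category == "remote_access" and rec.get("host") in sanctioned_rmm_hosts:
            continue
        hits.append({
            "ts": rec.get("ts"),
            "host": rec.get("host"),
            "user": rec.get("user"),
            "image": rec["image"],
            "category": category,
        })
    return hits


def flag_hosts(hits, min_categories=2):
    """Escalate hosts on which at least min_categories distinct tool categories appear.

    Clustering (e.g. recon plus credential access on one host) is a stronger
    signal than any single dual-use tool on its own.
    """
    seen = defaultdict(set)
    for hit in hits:
        seen[hit["host"]].add(hit["category"])
    return sorted(host for host, cats in seen.items() if len(cats) >= min_categories)


if __name__ == "__main__":
    found = hunt_everest_tooling(SAMPLE_LOGS, SANCTIONED_RMM_HOSTS)
    for hit in found:
        print(f'{hit["ts"]} {hit["host"]} {hit["user"]} {hit["category"]}: {hit["image"]}')
    print("hosts to escalate:", flag_hosts(found))
```

Against the constructed sample, the script returns three hits (NetScan and ProcDump on WS-FIN-07, AnyDesk on SRV-FILE-01), suppresses the sanctioned Atera agent on WS-IT-02, and escalates only WS-FIN-07, where two categories cluster. In production the image-name table would be replaced or supplemented by the indicators from the linked profile, and the allowlist would come from the asset inventory rather than a literal.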
Disclaimer
This report is based on an unverified claim from a ransomware group’s data leak site. The information presented here, including the details of the attack, the data allegedly compromised, and the involvement of the Everest group, has NOT been independently confirmed by Yazoul Security or external sources. Ransomware groups frequently exaggerate claims to coerce victims into paying ransoms. This report is for informational and threat intelligence purposes only.