Ransomware victim disclosure
← All victimsEverel Group
listed as everelgroup.com\$259M\Italy\440GB\<1% DISCLOSED · Claimed by Cactus · listed 1 year ago
Status timeline
- ListedFeb 24, 2025
- Data leakeddate unknown
At a glance
- Group
- Cactus
- Status
- Data leaked
- Country
- Italy
- Sector
- Manufacturing
- Listed on leak site
- Feb 24, 2025
About the victim
AI dossier — public-source company profileEverel Group is an Italian manufacturer of electronic and electromechanical components founded in 1903. The company produces switches, selectors, encoders, motors, and sub-assemblies for markets including automotive, HVAC, healthcare, gardening & outdoor, and major/small appliances, with approximately 650 employees worldwide and an output of 100 million components annually.
- Industry
- Electronic & Electromechanical Components Manufacturing
- Employees
- 650
- Founded
- 1903
Attack summary
Severity: high — Confirmed exfiltration of 440GB of corporate data from a significant manufacturer with international operations and supply chain visibility; data has been published by the threat actor, indicating operational breach with business and potentially customer/employee data at risk.Cactus ransomware group claims to have attacked Everel Group and exfiltrated data. The leak post details are not captured, but the victim record indicates data was published with an estimated size of 440GB and less than 1% disclosed at time of listing.
Data the group says was taken
AI dossier — extracted from the leak post- Business correspondence
- Technical documentation
- Corporate records
- Employee data
- Customer information
- Product designs
- Manufacturing processes
Sources
- Victim siteeverelgroup.com
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

