Ransomware victim disclosure
← All victimsRezayat Group
Claimed by Everest · listed 1 year ago
Status timeline
- ListedJul 13, 2025
- Data leakeddate unknown
At a glance
- Group
- Everest
- Status
- Data leaked
- Country
- Saudi Arabia
- Sector
- Manufacturing
- Listed on leak site
- Jul 13, 2025
About the victim
AI dossier — public-source company profileRezayat Group is a diversified multinational conglomerate based in Saudi Arabia operating across oil & gas, petrochemicals, power generation, construction, real estate, trading, and healthcare sectors. The group works with a network of global partners to provide services and products internationally.
- Industry
- Diversified Conglomerate (Oil & Gas, Petrochemicals, Power, Construction, Real Estate, Trading, Healthcare)
- Address
- Saudi Arabia
Attack summary
Severity: medium — Data has been published by the ransomware group (disclosed status: data_published), indicating confirmed exfiltration. However, without details on the specific data types, volume, or sensitivity level, and lacking proof file counts or access to the actual leak contents, confidence in severity assessment is limited. The conglomerate's diversified operations across sensitive sectors (oil & gas, healthcare) elevate concern, but unconfirmed details prevent 'high' classification.Everest ransomware group claims to have attacked Rezayat Group and published data. The specific nature of the breach (encryption, exfiltration, or both) and data categories are not detailed in the available leak post.
Original description
AI-summarised, not from the leak postRezayat Group is a diversified multinational conglomerate based in Saudi Arabia. Their operations span across various sectors including oil & gas, petrochemicals, power generation, construction, real estate, trading, and healthcare. They work with a network of global partners, providing services and products in many countries around the world.
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

