Everest ransomware gang threatens to leak 159GB of stolen data from Italian gas giant SIAD Group

A Russia-linked ransomware group has claimed responsibility for a cyberattack against Italy’s SIAD Group, threatening to release 159 gigabytes of stolen data if the company fails to meet its demands within eight days.

The Everest Group, a well-known cybercriminal organization operating on the dark web, listed SIAD Group as a new victim on its leak site, beginning a public countdown to the release of the allegedly stolen files. The post includes no data samples, leaving the authenticity of the hackers’ claims unverified.

SIAD Group, headquartered in Bergamo and founded in 1927, is one of Italy’s largest industrial and specialty gas producers. The company supplies gases for industries including food processing, healthcare, automotive manufacturing, metallurgy, and chemicals. It also provides liquefied petroleum gas (LPG), natural gas, and equipment such as compressors, automation systems, and gas production plants. Beyond its industrial operations, SIAD offers home and hospital healthcare services and reported revenues exceeding €1.1 billion in 2024.

Researchers warned that, if the attack proves legitimate and disrupts SIAD’s operations, it could cause moderate supply chain issues across European manufacturing, healthcare, and energy sectors. However, with no data samples released, the extent of the breach remains unclear.

Ransomware gangs typically publish victims’ names on dark web forums to pressure organizations into paying for data recovery or to prevent public exposure of sensitive information. Companies that refuse to engage often face large-scale leaks of proprietary or customer data.

The Everest Group has been active since mid-2021 and is believed to have ties to the BlackByte ransomware operation. In recent months, the group has targeted several high-profile organizations, including Collins Aerospace, BMW, and a subsidiary of Germany’s DZ Bank. It has also claimed breaches involving Coca-Cola’s Middle East division, Mediclinic International, and multiple public institutions in the Middle East.

The group’s most disruptive campaign this year involved an attack on Collins Aerospace’s MUSE passenger management software, which caused operational chaos at several European airports and led to threats to release passenger data from Dublin Airport.