Nefilim Ransomware Operators Strikes Brazilian Conglomerate, Cosan — Data Leaked

In another data breach incident, the Nefilim Ransomware operators have leaked the data of Cosan.

About CosanCosan is a public listed company, a Brazilian conglomerate producer of bioethanol, sugar and energy. According to Reuters, the company’s segments include Raizen Energia, Raizen Combustiveis, COMGAS, Cosan Logistica, Lubricants and Other business. The company’s other business includes other investments, in addition to corporate activities. The company offers Logistics services, including transportation, port loading and storage of sugar, leasing or lending of locomotives, wagons and other railway equipment, through its subsidiaries Rumo Logistica Operadora Multimodal S.A. (Rumo), logistic segment (Logistic).

Based on the information leaked, it appears the negotiation between the ransomware operators and Cosan failed, which lead to this leak.

Below is the message from the operators themselves:

The original message from the Nefilim operators

Cyble research team has verified the leak (over 3.1GB compressed). The directory listing is available here (it’s likely to be taken down at some point) —

Update: On April 1, 2020, the group leaked the second part of their leak (over 5.2GB compressed) as below:

Update: On April 22, 2020, the group leaked the third part of their leak (around 20GB) as below:

Snapshot of files being leaked in data leak part 3

About Cyble:

Cyble Inc.’s mission is to provide organizations with a real-time view of their supply chain cyber threats and risks. Their SaaS-based solution powered by machine learning and human analysis provides organizations’ insights to cyber threats introduced by suppliers and enables them to respond to them faster and more efficiently.

Cyble strives to be a reliable partner/facilitator to its clients allowing them with unprecedented security scoring of suppliers through cyber intelligence sourced from open and closed channels such as OSINT, the dark web and deep web monitoring and passive scanning of internet presence. Furthermore, the intelligence clubbed with machine learning capabilities fused with human analysis also allows clients to gain real-time cyber threat intel and help build better and stronger resilience to cyber breaches and hacks. Due to the nature of the collected data, the company also offer threat intelligence capabilities out-of-box to their subscribers.


Comments are closed.

Scroll to Top