Free Demo

Trending

Report: Global Cybersecurity Report 2025          Report: Europe Threat Landscape Report 2025          Report: APAC Cyber Threat Landscape Report 2025          Report: North America Cyber Threat Landscape Report 2025          Report: META Threat Landscape Report 2025          Recognition: Cyble Recognized in the Gartner® Hype Cycle™ for Cyber-Risk Management, 2025          Recognition: Cyble Named a Sample Vendor in Gartner® Hype Cycle™ for Managed IT Services 2025         
Report: Global Cybersecurity Report 2025          Report: Europe Threat Landscape Report 2025          Report: APAC Cyber Threat Landscape Report 2025          Report: North America Cyber Threat Landscape Report 2025          Report: META Threat Landscape Report 2025          Recognition: Cyble Recognized in the Gartner® Hype Cycle™ for Cyber-Risk Management, 2025          Recognition: Cyble Named a Sample Vendor in Gartner® Hype Cycle™ for Managed IT Services 2025         
HomeBlog
Nefilim Ransomware Operators Strikes Brazilian Conglomerate, Cosan — Data Leaked
Nefilim Ransomware Operators Strikes Brazilian Conglomerate, Cosan — Data Leaked

Nefilim Ransomware Operators Strikes Brazilian Conglomerate, Cosan — Data Leaked

In another data breach incident, the Nefilim Ransomware operators have leaked the data of Cosan.

About CosanCosan is a public listed company, a Brazilian conglomerate producer of bioethanol, sugar and energy. According to Reuters, the company’s segments include Raizen Energia, Raizen Combustiveis, COMGAS, Cosan Logistica, Lubricants and Other business. The company’s other business includes other investments, in addition to corporate activities. The company offers Logistics services, including transportation, port loading and storage of sugar, leasing or lending of locomotives, wagons and other railway equipment, through its subsidiaries Rumo Logistica Operadora Multimodal S.A. (Rumo), logistic segment (Logistic).

Based on the information leaked, it appears the negotiation between the ransomware operators and Cosan failed, which lead to this leak.

Below is the message from the operators themselves:

The original message from the Nefilim operators

Cyble research team has verified the leak (over 3.1GB compressed). The directory listing is available here (it’s likely to be taken down at some point) — https://uploadfiles.io/4n36xyx7

Update: On April 1, 2020, the group leaked the second part of their leak (over 5.2GB compressed) as below:

report-ad-banner

Update: On April 22, 2020, the group leaked the third part of their leak (around 20GB) as below:

Snapshot of files being leaked in data leak part 3

About Cyble:

Cyble Inc.’s mission is to provide organizations with a real-time view of their supply chain cyber threats and risks. Their SaaS-based solution powered by machine learning and human analysis provides organizations’ insights to cyber threats introduced by suppliers and enables them to respond to them faster and more efficiently.

Cyble strives to be a reliable partner/facilitator to its clients allowing them with unprecedented security scoring of suppliers through cyber intelligence sourced from open and closed channels such as OSINT, the dark web and deep web monitoring and passive scanning of internet presence. Furthermore, the intelligence clubbed with machine learning capabilities fused with human analysis also allows clients to gain real-time cyber threat intel and help build better and stronger resilience to cyber breaches and hacks. Due to the nature of the collected data, the company also offer threat intelligence capabilities out-of-box to their subscribers.

THIS POST HAS BEEN EXPORTED FROM OUR MEDIUM CHANNEL

Disclaimer: This blog is based on our research and the information available at the time of writing. It is for informational purposes only and does not constitute legal, financial, or professional advice. While we strive for accuracy, we do not guarantee the completeness or reliability of the content. If any sensitive information has been inadvertently included, please contact us for correction. Cyble is not responsible for any errors, omissions, or decisions made based on this content. Readers should verify findings and seek expert advice where necessary. All trademarks, logos, and third-party content belong to their respective owners and do not imply endorsement or affiliation. All content is presented “as is” without any guarantee that it is free of confidential, proprietary, or otherwise sensitive information. If you believe any portion of this content contains inadvertently shared or sensitive data, please contact us immediately so that we may address and rectify the issue. No Liability for Errors or Omissions Due to the dynamic nature of cyber threat activity, this [blog/report/article] may include partial, outdated, or otherwise incorrect information due to unverified sources, evolving security threats, or human error. We expressly disclaim any liability for errors or omissions or any potential consequences arising from the use, misuse, or reliance on this information.
why cyble

Get Threat Assessment Report

Identify External Threats Targeting Your Business​
Get My Report
Free
Cyble Vision

Threat Landscape Reports 2025

Global cybersecurity report
Europe cyber landscape
APAC Cyber Threat Landscape
North America Cyber Threat Landscape Report
META Threat Landscape
Australia New Zealand threat report

Upcoming Webinars

global-webinar-banner
Stay-Ahead-of-Cyber-Threats
CISO's Guide to Threat Intelligence 2024

CISO’s Guide to Threat Intelligence 2024: Best Practices

Stay Ahead of Cyber Threats with Expert Insights and Strategies. Download Free E-Book Now

Cyble | Amazon Music
Azure-MP-logo
google-ad-cyble
Share the Post:

Related Posts

Scroll to Top

Discover more from Cyble

Subscribe now to keep reading and get access to the full archive.

Continue reading