For the consecutive fourth time, Netfilim ransomware operators publishes data leak of Cosan. Earlier to this, they published the data leak part 1, part 2, and part 3 of the company, which were verified and been reported by the Cyble Research Team.

Cosan is a public listed company, a Brazilian conglomerate producer of bioethanol, sugar, and energy. According to Reuters, the company’s segments include Raizen Energia, Raizen Combustiveis, COMGAS, Cosan Logistica, Lubricants, and other business. The company’s other business includes other investments, in addition to corporate activities. The company offers Logistics services, including transportation, port loading, and storage of sugar, leasing or lending of locomotives, wagons and other railway equipment, through its subsidiaries Rumo Logistica Operadora Multimodal S.A. (Rumo), logistic segment (Logistic).

As claimed before by the Cyble Research Team, the Netfilim  ransomware operators leaked the fourth part of the company’s data. Based on this data leak it seems that once again the company refused to accept the terms of the ransomware operators. Due to the refusal, the ransomware operators chose to leak the fourth part of the data. Below is the message been posted by Nefilim  ransomware operators-:

 The Cyble researchers have verified the leak of around 17GB. The data leak includes all the confidential management documents of Cosan such as Audit documents, Bank statements, Items purchase documents, and many more. Below is the snapshot of few files from the directory listing being leaked by the Netfilim ransomware operators.

It is expected that more data leaks of Cosan may be published soon if no action is been taken by the company.

Update: On May 26, 2020, the group leaked part 5 of their leak (around 9GB) as below:

About Cyble:

Cyble Inc.’s mission is to provide organizations with a real-time view of their supply chain cyber threats and risks. Their SaaS-based solution powered by machine learning and human analysis provides organizations’ insights to cyber threats introduced by suppliers and enables them to respond to them faster and more efficiently.

Cyble strives to be a reliable partner/facilitator to its clients allowing them with unprecedented security scoring of suppliers through cyber intelligence sourced from open and closed channels such as OSINT, the dark web and deep web monitoring and passive scanning of internet presence. Furthermore, the intelligence clubbed with machine learning capabilities fused with human analysis also allows clients to gain real-time cyber threat intel and help build better and stronger resilience to cyber breaches and hacks. Due to the nature of the collected data, the company also offer threat intelligence capabilities out-of-box to their subscribers.