Another Massive Data Leak by Netfilim Ransomware Operators on the Same Day – Aliansce Sonae Been Targeted

Update as on June 24th, 2020 – Part 2 of Aliansce Sonae has been released by the operators. At present, Cyble cannot comment on the authenticity of the leak as our researchers are analyzing the data

In just a couple of hours, the Netfilim ransomware operators publish another huge data leak. In this instance, they targeted Aliansce Sonae which is one of the largest management companies for shopping centers in Brazil.

Aliansce Sonae is the second-largest shopping mall owner, developer, and manager in Brazil. It was founded in 2004 through a joint venture between the Brazilian company Nacional Iguatemi and GGP. GGP sold its interests in 2016. The company has 40 shopping malls and approximately 1.4 million meters of gross leasable area (GLA). Aliansce Sonae is one of the industry’s leading shopping malls companies in Brazil and is one of the five Shopping malls companies listed on B3. The main activities of the company are the shares in the shopping malls and services segment of shopping centers, which involves: the administration of shopping centers; the sale of shopping mall space; and the planning and development of shopping centers. The company is a full-service company with operations in all phases of implementation of shopping centers, from planning, development, and launch to the management structure and financial, commercial, legal, and operational of Malls.

Based on the information leaked, it appears that the negotiation between the ransomware operators and the Aliansce Sonae failed, which made them leak the data. This data leak seems to be a warning for the company to accept the terms of the ransomware operators.

Below is the message been posted by the Netfilim Ransomware Operators-:

The Cyble Research Team has verified the data leak of around 4 GB. The data leak includes highly sensitive and confidential documents of the company such as the company’s investor relation documents, company’s events images, and many more. Below is the snapshot of the few files from the directory listing being leaked by the Netfilim ransomware operators.

As per Cyble’s researchers, more parts of data leak may be leaked online if the terms of the ransomware operators are not been fulfilled.

About Cyble:

Cyble Inc.’s mission is to provide organizations with a real-time view of their supply chain cyber threats and risks. Their SaaS-based solution powered by machine learning and human analysis provides organizations’ insights to cyber threats introduced by suppliers and enables them to respond to them faster and more efficiently.

Cyble strives to be a reliable partner/facilitator to its clients allowing them with unprecedented security scoring of suppliers through cyber intelligence sourced from open and closed channels such as OSINT, the dark web, and deep web monitoring and passive scanning of internet presence. Furthermore, the intelligence clubbed with machine learning capabilities fused with human analysis also allows clients to gain real-time cyber threat intel and help build better and stronger resilience to cyber breaches and hacks. Due to the nature of the collected data, the company also offer threat intelligence capabilities out-of-box to their subscribers.