The Everest ransomware group claimed a data breach targeting Petrobras, Brazil’s state-owned oil giant, alleging the theft of over **176 GB of seismic navigation data**, with **90+ GB belonging directly to Petrobras**. The compromised files include **highly sensitive technical details**: ship positioning, equipment configurations, hydrophone readings, depth measurements, quality control documents, metadata, and processed reports outlining survey progress and operational conclusions.

Seismic surveys are **critical for oil/gas exploration**, requiring massive investments. Competitors gaining access to this data could **replicate Petrobras’ methods, reduce their own costs, or leverage it in contract negotiations**, undermining the company’s competitive edge. The group also targeted **Campos Basin seismic surveys (3D/4D datasets)**, totaling another **90+ GB** with similar sensitive information, including ship coordinates, source depths, and shot pressures.

Everest demanded Petrobras contact them via **Tox encrypted messaging within four days**, threatening further action if ignored. The breach poses **strategic risks to Petrobras’ industrial competitiveness and operational security**, with potential long-term financial and reputational damage. The company has not yet publicly responded to the claims.
Source: https://hackread.com/everest-ransomware-brazil-petrobras-breach/
Petrobras cybersecurity rating report: https://www.rankiteo.com/company/petrobras
"id": "PET1592215112025",
"linkid": "petrobras",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'petroleum (oil and gas)',
'location': 'Rio de Janeiro, Brazil',
'name': 'Petrobras',
'size': 'large (multinational)',
'type': 'majority state-owned multinational '
'corporation'},
{'industry': 'oil and gas (seismic data services)',
'name': 'SAExploration',
'type': 'partner firm'}],
'data_breach': {'data_exfiltration': '176 GB total (90 GB directly attributed '
'to Petrobras; additional 90 GB from '
'Campos Basin surveys)',
'file_types_exposed': ['databases',
'documents',
'processed reports',
'survey progress logs',
'initial field conclusions'],
'sensitivity_of_data': 'high (industrial trade secrets, '
'proprietary survey methods, '
'competitive intelligence)',
'type_of_data_compromised': ['seismic navigation data',
'technical operational data',
'3D/4D survey datasets',
'quality control documents',
'metadata',
'processed field reports']},
'date_publicly_disclosed': '2025-11-14',
'description': 'The Everest ransomware group listed two separate entries on '
'its dark web leak site, both targeting Petrobras, a Brazilian '
'state-owned petroleum corporation. The group claims to have '
'stolen over 176 GB of seismic navigation data, including '
'highly sensitive technical information related to Petrobras '
'and its partner firm, SAExploration. The data includes ship '
'positioning, equipment configurations, hydrophone readings, '
'depth measurements, quality control documents, metadata, and '
'processed reports. The group has demanded Petrobras contact '
'them via Tox within four days or face further action. The '
'breach could enable competitors to replicate Petrobras’ '
'methods, lower their own costs, or gain leverage in contract '
'negotiations.',
'impact': {'brand_reputation_impact': ['potential damage due to exposure of '
'sensitive industrial data',
'lack of public response may '
'exacerbate reputational harm'],
'data_compromised': ['seismic navigation data (176 GB total)',
'ship positioning',
'equipment configurations',
'hydrophone readings',
'depth measurements',
'quality control documents',
'metadata',
'processed reports',
'3D/4D seismic survey data (90 GB)',
'ship coordinates',
'source depths',
'shot pressures',
'equipment alignment',
'field survey documentation'],
'operational_impact': ['potential replication of Petrobras’ '
'seismic survey methods by competitors',
'lowered costs for competitors',
'leverage in contract negotiations',
'strategic disadvantage in energy sector '
'operations']},
'initial_access_broker': {'data_sold_on_dark_web': ['alleged leak site '
'listings',
'screenshots published as '
'proof'],
'high_value_targets': ['seismic survey databases',
'proprietary oil/gas '
'exploration data']},
'investigation_status': 'ongoing (no public confirmation from Petrobras; '
'media outreach pending)',
'motivation': ['financial gain',
'data exfiltration for competitive advantage'],
'ransomware': {'data_exfiltration': '176 GB (seismic and survey data)',
'ransom_demanded': ['unspecified amount',
'contact via Tox within 4 days'],
'ransomware_strain': 'Everest Ransomware'},
'references': [{'date_accessed': '2025-11-14', 'source': 'Hackread.com'}],
'response': {'communication_strategy': ['no public comment as of disclosure',
'media outreach by Hackread.com for '
'statement']},
'threat_actor': 'Everest Ransomware Group',
'title': 'Everest Ransomware Group Targets Petrobras in Alleged Data Breach '
'Involving Seismic Survey Data',
'type': ['data breach', 'ransomware attack']}