Ransomware victim disclosure
← All victimsHIDROCARBUROS ARGENTINOS S.A.
Claimed by Blacklock · listed 1 year ago
Status timeline
- ListedMay 16, 2025
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profileHIDROCARBUROS ARGENTINOS S.A. (HASA) is an Argentine energy services company founded in 1994 that provides maintenance, emergency intervention, and operational support to the oil and gas industry. Based in Buenos Aires, the company operates a fleet of vehicles and equipment for anticorrosive protection, plant operations, and industrial facility maintenance.
- Industry
- Energy & Oil/Gas Services
- Address
- Buenos Aires, Buenos Aires F.D., Argentina
- Employees
- 500-999
- Founded
- 1994
Attack summary
Severity: high — Confirmed data exfiltration from a critical energy sector company with significant ransom demand ($35.1M) and public disclosure. Energy sector data is strategically sensitive; operational and client information from oil/gas service providers poses business continuity and national infrastructure risks.BlackLock claims to have exfiltrated data from HASA. The group is demanding $35.1M in ransom and has published the breach on their leak site, indicating data exfiltration rather than encryption-only attack.
Data the group says was taken
AI dossier — extracted from the leak post- Business records
- Operational data
- Client information
- Employee records
What the group claims
Energy, Utilities & Waste · Argentina 638 Employees HASA (Hidrocarburos Argentinos SA) is a company that operates in the Energy, Utilities & Waste industry. It employs 500to999 people and has 25Mto50M of revenue. The company is headquartered in Buenos Aires, Buenos Aires F.D., Argentina. Revenue $35.1 Million
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

