Disclosure context

About blacknevas

Blacknevas is an emerging ransomware group that was first observed in August 2025, appearing to be primarily financially motivated based on their targeting patterns and operational characteristics. The group's origin and potential affiliations remain unclear due to limited public documentation from established threat intelligence sources, though their diverse geographic targeting suggests either a distributed operation or broad opportunistic approach. Based on available victim data, Blacknevas has compromised at least 23 organizations across multiple countries, with the United States, Spain, India, Japan, and Thailand being the most frequently targeted nations, while their sector focus spans technology, manufacturing, energy, and consumer services industries, suggesting they employ opportunistic rather than sector-specific targeting methodologies. The group's attack vectors, specific tools, and whether they operate as a Ransomware-as-a-Service model or maintain independent operations have not been publicly documented by major cybersecurity firms or government agencies. Due to the group's recent emergence in August 2025, there is insufficient public reporting from established sources like CISA, FBI, or major threat intelligence providers to detail notable campaigns or significant attacks beyond the confirmed victim count. Given the recency of their first observed activity, Blacknevas appears to remain active as of late 2025, though comprehensive threat intelligence profiles from authoritative sources have yet to be published. The group has been linked to 31 public disclosures across our corpus. First observed on a leak site on August 6, 2025; most recent post April 30, 2026. The operation is currently active.

Also tracked as: black nevas.

Timeline of this disclosure

October 30, 2025LATCOM listed by blacknevason the group's public leak site

Data size: 1 TB
Records: 145146 files

Sector and geography

This disclosure adds to ransomware activity in the Not Found sector, which has 4,859 disclosures indexed across all operators we track. Geographically, LATCOM is reported in AR, a country with 24 ransomware disclosures in our corpus.

How we know this. Darkfield monitors public ransomware leak sites continuously, archiving every new disclosure and the data later released against the victim. Each entry on this page is sourced from the operator's own publication and cross-checked against complementary OSINT feeds (RansomLook, ransomware.live, RansomWatch). We do not collect or host stolen data — only the metadata, timestamps and screenshots needed to make the public disclosure searchable and accountable. Records here are corrected when the original post is edited, retracted, or merged with another disclosure.

Ransomware victim disclosure

← All victims

Latcom OOH Soluciones Publicitarias

listed as LATCOM · Claimed by blacknevas · listed 7 months ago

1 TB

Data size

145146 files records

Age

since listed · data leaked

Status timeline

Listed
Oct 30, 2025
Data leaked

At a glance

Group: blacknevas
Status: Data leaked
Country: AR
Sector: Not Found
Listed on leak site: Oct 30, 2025
Data size: 1 TB
Records: 145146 files

About the victim

AI dossier — public-source company profile

Latcom is an Argentina-based company specializing in Out-of-Home (OOH) advertising solutions with global reach, offering media strategy, planning, and implementation of OOH campaigns. The company operates a proprietary technology platform described as holding the largest OOH industry database, enabling full campaign lifecycle management including planning, execution, control, and reporting. It maintains a wide network of OOH partners and serves clients across multiple international markets.

Industry: Out-of-Home (OOH) Advertising & Media Planning

Attack summary

Severity: high — Confirmed exfiltration of 1 TB / 145,146 files with data already published and an active auction announced; significant volume of business and potentially client PII data at stake, though no confirmed regulated medical or government data.

The blacknevas ransomware group claims to have exfiltrated approximately 1 TB of data comprising 145,146 files from Latcom, with the data published and a file listing made available via Gofile; the group is also advertising an auction of the stolen data scheduled for November 1st.

high

Data the group says was taken

AI dossier — extracted from the leak post

Campaign planning files
Client records
Business/operational data
Platform database exports
Internal documents

What the group claims

LATCOM.com145146 files, 1TBhttps://gofile.io/d/xNrNCufile listing, we will provide any file from the list for confirmationWe are a company specialized in Out Of Home with global reach, experts in Media Strategy, Planning and Implementation of out-of-home advertising campaigns.We use the best technology to process the most complete data in the market, ensuring that your message reaches the right audience at the right time.Our exclusive platform has the largest data base in the industry and allows you to manage all stages of a campaign: planning, execution, control and reports.We have the largest network of OOH companies in the world; and offer the best formats and solutions for our clients.ANNOUNCEMENT Due to the large number of requests, we are announcing an auction of these two companies on November 1st.write to us for information:[email protected]. Choithram And Sons, LLC www.choithrams.com/www.choithramsgcc.comhttp://ctyfftrjgtwdjzlgqh4avbd35sqrs6tde4oyam2ufbjch6oqpqtkdtid.onion/publications/details/d5deb426-7ff6-4951-a75e-4dcd304dd8fdUndefasa www.undefasa.com http://ctyfftrjgtwdjzlgqh4avbd35sqrs6tde4oyam2ufbjch6oqpqtkdtid.onion/publications/details/fb85455d-c25e-4ca8-b597-6e53202fed82

Sources

Source

Indexed 7 months ago

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.