Skip to main content

Ransomware victim disclosure

All victims

Latcom OOH Soluciones Publicitarias

listed as LATCOM · Claimed by Blacknevas · listed 9 months ago

1 TB
Data size
145146 files records
8m
Age
since listed · data leaked

Status timeline

  1. ListedOct 30, 2025
  2. Data leakeddate unknown

At a glance

Status
Data leaked
Country
Argentina
Listed on leak site
Oct 30, 2025
Data size
1 TB
Records
145146 files

About the victim

AI dossier — public-source company profile

Latcom is an Argentina-based company specializing in Out-of-Home (OOH) advertising solutions with global reach, offering media strategy, planning, and implementation of OOH campaigns. The company operates a proprietary technology platform described as holding the largest OOH industry database, enabling full campaign lifecycle management including planning, execution, control, and reporting. It maintains a wide network of OOH partners and serves clients across multiple international markets.

Industry
Out-of-Home (OOH) Advertising & Media Planning

Attack summary

Severity: high — Confirmed exfiltration of 1 TB / 145,146 files with data already published and an active auction announced; significant volume of business and potentially client PII data at stake, though no confirmed regulated medical or government data.

The blacknevas ransomware group claims to have exfiltrated approximately 1 TB of data comprising 145,146 files from Latcom, with the data published and a file listing made available via Gofile; the group is also advertising an auction of the stolen data scheduled for November 1st.

high

Data the group says was taken

AI dossier — extracted from the leak post
  • Campaign planning files
  • Client records
  • Business/operational data
  • Platform database exports
  • Internal documents

What the group claims

LATCOM.com145146 files, 1TBhttps://gofile.io/d/xNrNCufile listing, we will provide any file from the list for confirmationWe are a company specialized in Out Of Home with global reach, experts in Media Strategy, Planning and Implementation of out-of-home advertising campaigns.We use the best technology to process the most complete data in the market, ensuring that your message reaches the right audience at the right time.Our exclusive platform has the largest data base in the industry and allows you to manage all stages of a campaign: planning, execution, control and reports.We have the largest network of OOH companies in the world; and offer the best formats and solutions for our clients.ANNOUNCEMENT Due to the large number of requests, we are announcing an auction of these two companies on November 1st.write to us for information:[email protected]. Choithram And Sons, LLC www.choithrams.com/www.choithramsgcc.comhttp://ctyfftrjgtwdjzlgqh4avbd35sqrs6tde4oyam2ufbjch6oqpqtkdtid.onion/publications/details/d5deb426-7ff6-4951-a75e-4dcd304dd8fdUndefasa www.undefasa.com http://ctyfftrjgtwdjzlgqh4avbd35sqrs6tde4oyam2ufbjch6oqpqtkdtid.onion/publications/details/fb85455d-c25e-4ca8-b597-6e53202fed82

Sources

Source

Indexed 9 months ago

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.

Is this your supplier? Your competitor? You?

Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

Disclosure context

About blacknevas

Blacknevas is an emerging ransomware group that was first observed in August 2025, appearing to be primarily financially motivated based on their targeting patterns and operational characteristics. The group's origin and potential affiliations remain unclear due to limited public documentation from established threat intelligence sources, though their diverse geographic targeting suggests either a distributed operation or broad opportunistic approach. Based on available victim data, Blacknevas has compromised at least 23 organizations across multiple countries, with the United States, Spain, India, Japan, and Thailand being the most frequently targeted nations, while their sector focus spans technology, manufacturing, energy, and consumer services industries, suggesting they employ opportunistic rather than sector-specific targeting methodologies. The group's attack vectors, specific tools, and whether they operate as a Ransomware-as-a-Service model or maintain independent operations have not been publicly documented by major cybersecurity firms or government agencies. Due to the group's recent emergence in August 2025, there is insufficient public reporting from established sources like CISA, FBI, or major threat intelligence providers to detail notable campaigns or significant attacks beyond the confirmed victim count. Given the recency of their first observed activity, Blacknevas appears to remain active as of late 2025, though comprehensive threat intelligence profiles from authoritative sources have yet to be published. The group has been linked to 36 public disclosures across our corpus. First observed on a leak site on August 6, 2025; most recent post July 14, 2026. The operation is currently active.

Also tracked as: black nevas.

Timeline of this disclosure

  • October 30, 2025LATCOM listed by blacknevason the group's public leak site
Data size
1 TB
Records
145146 files

Sector and geography

Geographically, LATCOM is reported in Argentina, a country with 29 ransomware disclosures in our corpus.

If your organisation is affected

A listing by blacknevas means LATCOM appeared on a ransomware extortion site and data attributed to it has been published. If this is your organisation, or a supplier you depend on, the priority is to confirm the intrusion and contain it before the window to act closes.

  • Engage your incident-response team and preserve forensic evidence before remediating — do not wipe affected systems first.
  • Force a password reset and revoke active sessions for exposed accounts; rotate any credentials, API keys or certificates that may have been in the stolen data.
  • Assess regulatory notification duties (GDPR, NIS2, sector regulators) — many carry a 72-hour reporting clock from awareness.
  • Monitor for the data appearing on blacknevas's leak site and across paste and breach channels, and brief downstream partners who may be exposed through you.

How we know this. Darkfield monitors public ransomware leak sites continuously, archiving every new disclosure and the data later released against the victim. Each entry on this page is sourced from the operator's own publication and cross-checked against complementary OSINT feeds (RansomLook, ransomware.live, RansomWatch). We do not collect or host stolen data — only the metadata, timestamps and screenshots needed to make the public disclosure searchable and accountable. Records here are corrected when the original post is edited, retracted, or merged with another disclosure.