Ransomware victim disclosure
← All victimsEstrutural Zortea
listed as ezortea.com.br · Claimed by Incransom · listed 1 day ago
Status timeline
- ListedJul 2, 2026
- Data leakeddate unknown
At a glance
- Group
- Incransom
- Status
- Data leaked
- Country
- Brazil
- Sector
- Consumer Services
- Listed on leak site
- Jul 2, 2026
About the victim
AI dossier — public-source company profileEstrutural Zortea is a Brazilian company founded in 1995 specializing in design, fabrication, and assembly of large-scale metal structures for industrial, logistics, and port applications. ISO 9001-2015 certified with a modern manufacturing facility capable of 700 tons monthly production, they serve clients across Brazil and internationally in grain storage, silos, towers, and port infrastructure.
- Industry
- Industrial Metal Structures & Engineering
- Address
- BR 282, Km 343, Trevo Oeste, Campos Novos - SC, Brazil
- Founded
- 1995
Attack summary
Severity: medium — Data published status indicates exfiltration occurred, but no specific sensitive data categories (PII at scale, financial records, or regulated data) are confirmed in the available post. No proof files or screenshots are advertised. Company operates in industrial sector without apparent critical infrastructure dependency.The ransomware group claims to have accessed Estrutural Zortea's systems and exfiltrated data. The leak post does not explicitly detail what data was taken or confirm encryption.
Data the group says was taken
AI dossier — extracted from the leak post- business operations data
- client information
- manufacturing/project records
What the group claims
Estrutural Zortea is a Brazilian company founded in 1995, specializing in the design, fabrication, and assembly of large-scale metal structures. ISO 9001-2015 certified, they provide industrial, logistics, and port solutions throughout the country. Specialties include: roofing for grain warehouses and industrial sheds, hoppers, silos, metal towers, and buildings.
Sources
Source
Indexed 1 day agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

