Ransomware victim disclosure
← All victimsMegawork
Claimed by Ransomhouse · listed 6 hours ago
Status timeline
- ListedJul 16, 2026
- Data leakeddate unknown
At a glance
- Group
- Ransomhouse
- Status
- Data leaked
- Country
- Brazil
- Sector
- Business Services
- Listed on leak site
- Jul 16, 2026
About the victim
AI dossier — public-source company profileMegawork is a Brazilian SAP consultancy specializing in ERP implementation, S/4HANA migration, and application management services (AMS). They serve medium to large enterprises across utilities, mining, steel, manufacturing, wholesale, and professional services sectors, with a talent pool of over 7,000 professionals and recognition as a 2026 ISG Leader in SAP S/4HANA.
- Industry
- Enterprise Software Consulting & Implementation
Attack summary
Severity: high — Confirmed data exfiltration from a strategic technology consultancy with access to sensitive ERP systems, client implementations, and enterprise business data across regulated sectors (utilities, mining). Potential exposure of client confidential information and technical documentation.Ransomware group claims to have exfiltrated data from Megawork. The group has published the victim on their leak site, indicating data exfiltration and publication as leverage.
Data the group says was taken
AI dossier — extracted from the leak post- Client project data
- SAP implementation records
- Professional services contracts
- Business systems documentation
What the group claims
Megawork is a leading SAP consultancy specializing in the implementation, support, and optimization of technologies such as SAP S/4HANA and Microsoft Power Platform. They provide integrated solutions tailored for various sectors including services, wholesale, utilities, mining, and steel industries. The company offers a range of services including ERP system implementation, SAP S/4HANA migration, application management services, and IT professional allocation. Targeting medium and large enterprises, Megawork aims to enhance business management and delivers thorough support throughout the entire lifecycle of their clients' management systems.
Sources
Source
Indexed 6 hours agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

