Ransomware victim disclosure
← All victimsS.Y.L Pastilhas e Sapatas de Freios
Claimed by NIGHT SPIRE · listed 18 hours ago
Status timeline
- Listed
Jun 6, 2026
Current state: Listed for ransom
At a glance
- Group
- NIGHT SPIRE
- Status
- Listed for ransom
- Country
- Brazil
- Sector
- Manufacturing/Automotive
- Listed on leak site
- Jun 6, 2026
- Data size
- 600 GB
About the victim
AI dossier — public-source company profileS.Y.L Pastilhas e Sapatas de Freios is a Brazilian manufacturer of brake pads and brake shoes (sapatas de freios) located in Sorocaba, São Paulo. The company operates in the automotive parts supply sector.
- Industry
- Automotive Brake Components Manufacturing
- Address
- Av. Vela Olímpica, 851, Sorocaba - SP, Brasil
Attack summary
Severity: medium — The group claims exfiltration of 600 GB of sensitive business data including financial, HR, and technical information. However, no proof files/screenshots are advertised (post repeatedly states 'Data is not available now'), and no ransom demand is stated. The data includes PII and business-critical information but lacks confirmation of actual data availability or publication.NIGHT SPIRE claims to have exfiltrated approximately 600 GB of data from S.Y.L, including financial documents, HR records, banking data, accounting records, technical drawings, contracts, and customer information. The group lists the victim on its leak site but indicates data is currently unavailable.
Data the group says was taken
AI dossier — extracted from the leak post- Financial documents
- HR and employee records
- Banking and financial records
- Accounting and tax records
- Technical drawings
- Contracts and invoices
- Customer data
- QuickBooks files
- MSSQL databases
- Email and SMS data
- Business strategy files
The leak post
captured from the group's site- Financial Documents- HR Data- Supervisor's Information Data is not available now. Data is not available now. Data is not available now. [la familia adualt day center](http://www.lafamiliaadultdaycenter.com) Data is not available now. Data is not available now. - QuickBooks Files- Scanned tax returns- Proposal, Contrats- QuickBooks automated backups - Banking & Financial Records- Personal data- Critical POS Data - Banking & Financial Data- Accounting & Tax Records - Financial & Accounting Records- Human Resources- Sales & Marketing - Sales Related Documents- Human Resources- Sensitive Employee Records- Email and SMS Data Data is not available now. - Technical Documents- Financial Sheets- Contracts & Invoices- Business strategy files - MSSQL-DB- HR Documents- Contracts Data is not available now. [Progressive Oral Surgery & Implantology](http://nspirep7orjq73k2x2fwh2mxgh74vm2now6cdbnnxjk2f5wn34bmdxad.onion/progressiveoralsurgery.com) - Patients Information Records- Financial Records [The Country Club of Darien](http://nspirep7orjq73k2x2fwh2mxgh74vm2now6cdbnnxjk2f5wn34bmdxad.onion/CCDarien.org) - Sales / agent / commercial operations- Industrial / manufacturing / tooling business dat…
Data the group says was taken
- Drawings
- Customized data according to clients
Screenshot of the leak post
Sources
Source
Indexed 18 hours agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.