Ransomware victim disclosure
← All victimsWebPag
listed as webpag.com.br · Claimed by Ransomed · listed 3 years ago
Status timeline
- ListedOct 13, 2023
- Data leakeddate unknown
At a glance
- Group
- Ransomed
- Status
- Data leaked
- Country
- Brazil
- Sector
- Financial Services
- Listed on leak site
- Oct 13, 2023
About the victim
AI dossier — public-source company profileWebPag (webpag.com.br) is a Brazilian fintech company offering a complete platform for managing online and offline payments. Their services include Pix, credit card, boleto, recurring subscriptions, receivables anticipation, and API integrations with ERP/CRM systems. The platform serves e-commerce businesses, franchises, NGOs, tourism agencies, and other organizations across Brazil.
- Industry
- Online Payment Processing & Fintech
Attack summary
Severity: critical — WebPag is a payment processing fintech handling financial transactions, Pix payments, credit card data, and recurring billing for businesses across Brazil. Exfiltration of server data from a payment gateway operator likely involves regulated financial data and PII at scale, qualifying as critical under financial/regulated data exposure criteria.The Ransomed group claims to have accessed everything from the main company servers, stating that client/customer data was co-located on a shared server. A sample file link was published as proof of the breach.
Data the group says was taken
AI dossier — extracted from the leak post- Company server data
- Client/customer data (shared server)
- Potentially financial transaction records
- Potentially API integration credentials
The group's post references roughly 1 proof file.
What the group claims
Sample: https://qu.ax/LHRf.gOur group was able to access everything from the main company servers, and it happened that their data was on the server too(shared) Sample: https://qu.ax/LHRf.gz
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

