Ransomware victim disclosure
← All victimsEcoPetróleo
Claimed by Medusa · listed 9 months ago
Status timeline
- ListedOct 14, 2025
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profileEcoPetróleo is a Brazilian company operating in the energy sector, likely involved in petroleum extraction, distribution, or related services based on its name. No public site content was available to confirm operational details, scale, or exact headquarters location.
- Industry
- Oil & Gas / Petroleum
Attack summary
Severity: high — Status is data_published, meaning Medusa has already released data from a petroleum/energy sector company in Brazil, which likely contains significant business and potentially operational data; critical infrastructure context elevates severity even without confirmed PII specifics.The Medusa ransomware group claims to have attacked EcoPetróleo and has published data (disclosed status: data_published), though the specific nature of the exfiltrated or encrypted data cannot be confirmed from the available leak post content due to a CAPTCHA block.
What the group claims
EcoPetróleo is dedicated to providing petroleum products while actively engaging in environmental conservation initiatives in the Dominican Republic. The company emphasizes its commitment to corporate social responsibility through projects such as turtle nesting, beach clean-ups, and recycling programs. Their intended clients include individuals and organizations that value sustainable practices and eco-friendly services. With a focus on community and environmental welfare, EcoPetróleo strives to enhance the quality of life for all. company is headquartered in Avenida Rómulo Betancourt No. 527, El Renacimiento, Santo Domingo, Distrito Nacional, República Dominicana. 379 Employees
The leak post
captured from the group's siteHuman Verify Human verification required We need to ensure you're a real person. Please solve the captcha below to continue. Verify
Sources
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

