Ransomware victim disclosure
← All victimsSabesp
Claimed by Ransomhouse · listed 2 years ago
Status timeline
- ListedNov 1, 2024
- Data leakeddate unknown
At a glance
- Group
- Ransomhouse
- Status
- Data leaked
- Country
- Brazil
- Sector
- Government
- Listed on leak site
- Nov 1, 2024
- Data size
- 743 GB
- Ransom demanded
- $740
About the victim
AI dossier — public-source company profileSabesp is Brazil's state-owned water and sanitation company serving the São Paulo metropolitan area and surrounding regions. It provides water supply, sewage collection, treatment, and disposal services to millions of residents across multiple municipalities in São Paulo state.
- Industry
- Water & Sanitation Utility
Attack summary
Severity: critical — Sabesp is critical infrastructure (water utility) serving millions; compromise of operational and customer data at 743 GB scale with confirmed exfiltration poses significant public safety and privacy risks. Affects essential services in a major Brazilian metropolitan area.Ransomhouse claims to have encrypted Sabesp's systems and exfiltrated 743 GB of data. The group is demanding a $740 ransom and has published the breach on their leak site.
Data the group says was taken
AI dossier — extracted from the leak post- operational systems data
- customer records
- financial records
- administrative files
- infrastructure documentation
What the group claims
In the name of our partners we apologize for the inconveniences that many people have to bear because of the incident. But we also want to explain the situation a bit more.First of all, the stories the Sabesp representatives tell you that they will restore their infrastructure are all lies.Our partners report that more than 2.000 servers were taken down and there are no chances those will be restored without our help as the company has no backups. If they had that data backed up, that would have already been restored.Taking into account the level of professionalism of the IT crew employeed in the company and the third parties the company has contracts with, restoration would take a minimum of 6 months or perhaps even more.With regard to company claims that no personal data was leaked, that's also not true. That was simply not disclosed yet.In addition to that, the company contacted us in the first days and we offered our help to solve the problem once and for all, but they've decided their money is more important than their clients and simple folk. At the same time we've received information they are taking a lot of cash out of the company for the purposes hardly related to solving the problem for people if you know what we mean.With our help the company infrastucture could be restored in 4-6 hours and everything could get back to normal the same day.The steps the company takes indicate that its management has no value for people and clients, the only things they have value for is money and profit, unfortunately.
The leak post
captured from the group's site```
{"data":[{"id":"a1894b76b7004c75a3a0845799af49956592e3d9","display":"animated","header":"HOT NEWS","info":" Trellix is a global cybersecurity company.","url":"","sort":1,"views":"436242"},{"id":"336b257f582b17573c97578efd4b22762bf77344","sort":2,"header":"Trellix (McAfee & FireEye)","url":"https://www.trellix.com/","private":"false","revenue":"1.5-2 B$","employees":"5000","info":"Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000 business and government customers worldwide, protecting more than 200 million endpoints. The companys open and native extended detection and response (XDR) platform helps organizations confronted by todays most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through machine learning and automation to empower over 40,000 business and government customers with living security","statusDate":"DEPENDS ON YOU","status":"EVIDENCE","published":"NOT YET","action":"Encrypted","actionDate":"17/04/2026","volume":"~","content":"cybersecurity.html"…Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

