Incident

Everest Ransomware group claims breach of Petrobras



The Everest ransomware group has claimed a breach of Petrobras, Brazil's majority state-owned multinational petroleum corporation headquartered in Rio de Janeiro.

The gang posted two separate breach listings on its dark web leak site on November 14, 2025. The breach apparently affects both Petrobras directly and its partner firm SAExploration.

In the first breach listing, Everest claims to have stolen a database of over 176 gigabytes of seismic navigation data from operations involving both Petrobras and SAExploration. Of this, more than 90 gigabytes allegedly belongs directly to Petrobras. The compromised data includes:

  • Ship positioning and navigation coordinates
  • Equipment configurations and technical specifications
  • Hydrophone readings and acoustic measurements
  • Depth measurements and bathymetric data
  • Quality control documentation and validation reports
  • Survey metadata and operational parameters
  • Processed analytical reports detailing survey progress
  • Initial field operation conclusions and assessments

The second listing claims a breach of Petrobras' Campos Basin seismic surveys, including both three-dimensional and four-dimensional data sets totaling an additional 90+ gigabytes. The ransomware group has provided screenshots of the allegedly stolen data as evidence to support its claims.

It is not clear whether any personal data was also stolen, or whether the exposure affects individuals or only corporate data. Petrobras has not issued a public statement regarding these claims.
