The ShadowByt3$ ransomware group claims to have breached Forestal Atlántico Sur (FAS), a prominent Uruguayan forestry and timber export company. The threat actors state they exfiltrated approximately 9.24 GB of data by scraping the company’s S3 buckets and Azure blobs. The group has issued a 72-hour deadline for the company to negotiate a ransom payment, threatening to sell the database if their demands are ignored.
According to the actor, the allegedly compromised data includes:
-
Complete database backups, including thousands of PostgreSQL dumps from 2018 to May 2023.
-
Employee and contractor identities, including full legal names and 8-digit Uruguayan Cédula de Identidad (CI) government ID numbers.
-
Employment history details, including dates of hire, dismissal records, and payroll categories.
-
Confidential medical data, including expiration dates for mandatory Health Cards (Carné de Salud).
-
Global logistics and shipping logs detailing timber exports to China and Vietnam, including vessel names, container IDs, and net cargo weights.
-
Trade secrets, including specific timber pricing, customer names, and payment method details.
-
Physical asset mapping, featuring precise GPS coordinates for forest plots and equipment locations in rural Uruguayan departments.
-
Equipment logs tracking high-value machinery.
-
Internal safety and compliance manuals for forestry management.
Daily Dark WebRead More
R1
T1
