The threat actor blacknevas claims a ransomware incident against PROMOSFERA S.R.l. (IT), alleging data exfiltration including passports, internal company documents, and customer and employee records, plus databases of promotional participants containing hundreds of thousands of emails and full names, and tens of thousands of emails, full names, and phone numbers. The attackers are seeking contact with partners and clients to negotiate acquisition of the stolen data and are offering cooperation with law firms and data-leak victims. #Italy
Incident Details
- Victim: PROMOSFERA S.R.l.
- Sector: Business Services
- Country: IT
- Actor: blacknevas
- Source: http://ctyfftrjgtwdjzlgqh4avbd35sqrs6tde4oyam2ufbjch6oqpqtkdtid.onion/4401a68f-4fb6-4e94-a6af-c9d26c8a9c2a
- Discovered: 2026-04-30T23:19:29.212750+00:00
- Published: 2025-05-19T08:35:02+00:00
Information
- blacknevas (ransomware actor)
- Passports
- Employee and client documents
- Databases of promotional participants: hundreds of thousands of emails and full names
- Tens of thousands of emails with full names and phone numbers
- Internal company documentation
- https://gofile.io/d/5gNeSz
- https://gofile.io/d/dY7rYE
- Asking partners, friends and clients to contact them to discuss acquisition of the data
- Existing contacts should be used; new members should wait in the Contacts tab
- Offering cooperation in any form and to provide specific requested data
- Will attempt to acquire and download competitors' data and provide lists of requested items
- Open to cooperation with law firms and data leak victims
- Will provide information about companies negligent in protecting client data

Disclaimer: This post is based on public claims made by the ransomware group "blacknevas". I cannot confirm the accuracy of the information. However, I would be happy to share any official statement from the affected organization to provide clarification.