The Lynx ransomware group has allegedly targeted Cibraco Imóveis, a prominent real estate company with over 80 years of experience in the Curitiba metropolitan area. The cybercriminal group has published claims on its dark web leak site, stating it has exfiltrated sensitive data from the company’s network and is demanding a ransom. Cibraco has been a staple in the region’s property market for decades, handling sales and rentals, making this attack particularly significant for its large client base and the local real estate sector.
The attackers released several screenshots of a file directory as proof of their successful intrusion. The compromised data allegedly includes a wide range of highly sensitive corporate and client information. Based on the folder names, the breach appears to have exposed critical operational data. The exfiltrated files seem to originate from various departments, suggesting a deep and widespread network compromise. The scale of the alleged breach raises serious concerns about the potential exposure of personal and financial information belonging to clients, employees, and business partners.
Among the allegedly stolen data are files from the following departments:
- Finance (FINANCEIRO)
- Management/Directorate (DIRETORIA)
- Human Resources (RH)
- IT (TI)
- Sales and Broker Records (VENDAS_CIBRACO, VENDAS_CORRETORES)
- Rental Administration (ADM_LOCACAO)
- Marketing
- Legal and Property-specific documents (CONTRATO, VISTORIAS)
This incident highlights the continued threat posed by ransomware groups like Lynx, which employ double-extortion tactics by not only encrypting data but also threatening to leak it publicly to pressure victims into paying. The attack on a long-standing institution like Cibraco 🇧🇷 serves as a stark reminder for businesses of all sizes and sectors to continually bolster their cybersecurity defenses.
