Ransomware: krybit claims coemi.com.br (BR) — Not Found

On June 19, 2026, a ransomware group known as Krybit published a claim on the ransomware.live site, alleging a breach of coemi.com.br, a Brazilian domain. The entry is labeled under the BREACH framework and is titled "Not Found," which may indicate either a failed or incomplete attack, or that the victim organization has not yet confirmed the incident. This publication serves as a public threat disclosure, typical of ransomware extortion tactics, and signals that the target may have been compromised or is being pressured to negotiate.

The primary affected organization is the entity behind coemi.com.br, likely a Brazilian company or public sector body. Given the broad nature of ransomware campaigns, any organization in Brazil or with Brazilian operations—especially those in critical infrastructure, finance, healthcare, or government—should consider themselves potentially at risk. The ransomware.live platform is a known aggregator of breach claims, so this alert may also indicate broader targeting of Latin American entities.

Compliance teams should immediately verify whether their organization or any third-party vendors use the coemi.com.br domain or related systems. If so, initiate incident response protocols, including isolating affected systems, preserving logs, and notifying relevant data protection authorities under applicable breach notification laws, such as Brazil’s LGPD. Even if not directly affected, teams should review ransomware preparedness, update backup and recovery plans, and ensure employee awareness of phishing and credential theft risks.