Ransomware: threeam claims ws.com.br (BR) — Business Services

A new ransomware incident has been publicly claimed by the threat group "threeam" against the Brazilian business services organization ws.com.br. The claim was published on the ransomware.live data leak site on June 12, 2026, and has been flagged under the BREACH framework. This publication indicates that the attackers have likely exfiltrated sensitive data and are threatening to release it unless a ransom is paid. The exact nature of the data compromised is not yet confirmed, but the incident targets a company in the business services sector.

The primary affected organization is ws.com.br, a Brazilian entity in the business services industry. However, this incident has broader implications for any EU or international company that shares data with or relies on ws.com.br for outsourced services. Sectors such as finance, legal, HR, and IT support that use third-party business service providers should assess their exposure. Additionally, any organization with a supply chain or data processing relationship with ws.com.br may face regulatory obligations under GDPR or local breach notification laws.

Compliance teams should immediately verify whether their organization has any data processing agreements or data flows involving ws.com.br. If so, they must assess the risk of data exposure and prepare to notify relevant supervisory authorities within 72 hours if personal data of EU residents is involved. Teams should also review their incident response plans, ensure ransomware-specific backups are isolated and tested, and monitor the ransomware.live site for any leaked data that may require further action. Finally, update third-party risk assessments to include this incident as a red flag for vendor resilience.