[SINOBI] – Ransomware Victim: Grupo JSA

AI Generated Summary of the Ransomware Leak Page

Grupo JSA, an architecture, engineering & design firm, is identified as the victim on a ransomware leak page attributed to the threat group sinobi. The post describes Grupo JSA as employing between 20 and 49 people and generating roughly 5 to 10 million in revenue. The leak post is dated October 20, 2025, at 19:59:05.201000; because no specific compromise date is provided, this timestamp is treated as the post date. The description notes the company is based in Rio de Janeiro, Brazil. A claim URL is present on the page, indicating the attackers intend to share more information or negotiate, but the URL itself is not shown in the provided data. The current record shows no attached files, downloads, or images on the page: there are zero images and zero downloadable files published in the entry.

Regarding impact and data exposure, the dataset does not specify whether the incident involved encryption or data exfiltration, and no ransom amount is listed. The absence of visible screenshots or documents on the page limits verification of the breach’s scope from this entry alone. The presence of a claim URL suggests there may be additional information or negotiations to come, but no further content is visible here. Given the available evidence, defenders should monitor for updates on the leak page and in credible third-party reporting for any data samples, documents, or explicit ransom demands that may be released later.