Petrobras
Company Details
Linkedin ID:
petrobras
Website:
Employees number:
53,942
Number of followers:
3,611,728
NAICS:
211
Industry Type:
Homepage:
petrobras.com.br
IP Addresses:
0
Company ID:
PET_1634199
Scan Status:
In-progress
Petrobras Company CyberSecurity Posture
petrobras.com.br
Nosso propósito é prover energia que assegure prosperidade de forma ética, justa, segura e competitiva. Queremos ser a melhor empresa diversificada e integrada de energia na geração de valor, construindo um mundo mais sustentável, conciliando o foco em óleo e gás com a diversificação em negócios de baixo carbono (inclusive produtos petroquímicos e fertilizantes), sustentabilidade, segurança, respeito ao meio ambiente e atenção total às pessoas. Saiba mais em petrobras.com.br
Petrobras A.I CyberSecurity Scoring
Petrobras Risk Score (AI oriented)Between 750 and 799
Petrobras
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Petrobras Global Score (TPRM)XXXX
Petrobras
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Petrobras Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Petrobras
Ransomware
Rankiteo Explanation
Attack threatening the organization's existence
Description: The Everest ransomware group claimed a data breach targeting Petrobras, Brazil’s state-owned oil giant, alleging the theft of over **176 GB of seismic navigation data**, with **90+ GB belonging directly to Petrobras**. The compromised files include **highly sensitive technical details**—ship positioning, equipment configurations, hydrophone readings, depth measurements, quality control documents, metadata, and processed reports outlining survey progress and operational conclusions.Seismic surveys are **critical for oil/gas exploration**, requiring massive investments. Competitors gaining access to this data could **replicate Petrobras’ methods, reduce their own costs, or leverage it in contract negotiations**, undermining the company’s competitive edge. The group also targeted **Campos Basin seismic surveys (3D/4D datasets)**, totaling another **90+ GB** with similar sensitive information, including ship coordinates, source depths, and shot pressures.Everest demanded Petrobras contact them via **Tox encrypted messaging within four days**, threatening further action if ignored. The breach poses **strategic risks to Petrobras’ industrial competitiveness and operational security**, with potential long-term financial and reputational damage. The company has not yet publicly responded to the claims.
Petrobras Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Petrobras
Incidents vs Oil and Gas Industry Average (This Year)
Petrobras has 17.65% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Petrobras has 28.21% more incidents than the average of all companies with at least one recorded incident.
Incident Types Petrobras vs Oil and Gas Industry Avg (This Year)
Petrobras reported 1 incidents this year: 0 cyber attacks, 1 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
Incident History — Petrobras (X = Date, Y = Severity)
Petrobras cyber incidents detection timeline including parent company and subsidiaries
Petrobras Company Subsidiaries
Nosso propósito é prover energia que assegure prosperidade de forma ética, justa, segura e competitiva. Queremos ser a melhor empresa diversificada e integrada de energia na geração de valor, construindo um mundo mais sustentável, conciliando o foco em óleo e gás com a diversificação em negócios de baixo carbono (inclusive produtos petroquímicos e fertilizantes), sustentabilidade, segurança, respeito ao meio ambiente e atenção total às pessoas. Saiba mais em petrobras.com.br
Loading...
Petrobras Similar Companies
Suncor
In 1967, we pioneered commercial development of Canada's oil sands – one of the largest petroleum resource basins in the world. Since then, Suncor has grown to become a globally competitive integrated energy company with a balanced portfolio of high-quality assets, a strong balance sheet and signifi
Besmindo Group
Besmindo Group is a leader in providing new tool joints; repair & redress of tool joints, pup joints, drill pipes, threads for tool joints and OCTG tubing. The mission is to continually provide these and other services by promoting a reputation for excellence and value while fully anticipating, then
ExxonMobil
The need for energy is universal. That's why ExxonMobil scientists and engineers are pioneering new research and pursuing new technologies to reduce emissions while creating more efficient fuels. We're committed to responsibly meeting the world's energy needs. We aim to achieve #netzero emissions
At Enbridge, our goal is to be the first-choice energy delivery company in North America and beyond—for customers, communities, investors, regulators and policymakers, and employees. We also recognize the importance of a secure, reliable and affordable supply of energy, which we deliver every day th
We are one of the world's leading energy producers, and a primary catalyst for Abu Dhabi’s growth and diversification. We operate across the entire hydrocarbon value chain, through a network of fully-integrated businesses, with interests that range from exploration, production, storage, refining a
PT Pertamina (Persero) is an Indonesian state-owned enterprise, which is engaged in the integrated energy in Indonesia. Established on December 10, 1957, Pertamina had the experiences in upstream, midstream, downstream and renewable energy sectors for more than 50 years. This is the official Link
aramco
We’re a leading producer of the energy and chemicals that drive global commerce and enhance the daily lives of people around the globe by continuing delivering an uninterrupted supply of energy to the world. Our resilience and agility has built one of the world’s largest integrated energy and chemi
Tenaris
Tenaris is a leading supplier of tubes and related services for the world’s energy industry and certain other industrial applications. Our mission is to deliver value to our customers through product development, manufacturing excellence, and supply chain management. Tenaris employees around the wor
At Repsol, we are at the forefront of the energy sector to build the future of energy with innovation and sustainability. We are a strong multienergy company that creates value in an integrated, diversified, and sustainable way to promote progress in society. We leverage our past experience to be pr
.png)
Petrobras CyberSecurity News
November 23, 2025 08:00 AM
A hacker group has issued an ultimatum after claiming to have 90 GB of Petrobras data, exposing a flaw in a supplier, raising concerns about weaknesses in the security chain, and pressuring the state-owned company for an immediate response.
The Petrobras data is believed to be contained in two large information packages extracted after the intrusion into the systems of SA...
October 01, 2025 07:00 AM
Petrobras signs R$2,3 billion contract with Elea Digital to operate a strategic data center in Brazil for 17 years
Petrobras has signed a multi-billion dollar contract with Elea Digital to expand strategic data center services in Brazil.
September 04, 2025 07:00 AM
Petrobras return may drop with renewable shift
Investments or partnerships in energy transition projects could alter Petrobras's risk profile and reduce its portfolio return, the company warned.
December 23, 2024 08:00 AM
Brazil Cybersecurity Salaries: What Can You Expect to Earn?
Discover what you can expect to earn in cybersecurity in Brazil. Learn about salaries for all levels and factors influencing pay.
December 23, 2024 08:00 AM
Top Cybersecurity Employers in Brazil: Who's Hiring and What They Look For
Brazil is facing a potential shortage of 800,000 cybersecurity professionals by 2024, creating vast job opportunities.
September 14, 2023 03:42 PM
Petrobras’ Digital Journey with IT-OT-ET Convergence
Pedro Vieira, Manager at Petrobras, recently discussed with ARC how the company is leveraging digital technologies to improve efficiency,...
December 15, 2022 10:17 PM
Paulina Okunytė
Paulina is a journalist who covers breaking news, focusing on science and exclusive cybersecurity research.
June 21, 2022 07:00 AM
E&E News: Brazil's Petrobras CEO resigns amid pressure over prices
ENERGYWIRE | The chief executive of Brazil's state-run oil giant Petrobras resigned yesterday amid political pressure from top lawmakers and...
January 12, 2021 08:00 AM
The Latin American energy sector: How to address cybersecurity
Electric-power and gas companies are vulnerable to cyberattacks, but a structured approach that applies communication, organizational, and process frameworks...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Petrobras CyberSecurity History Information
Official Website of Petrobras
The official website of Petrobras is http://www.petrobras.com.br.
Petrobras’s AI-Generated Cybersecurity Score
According to Rankiteo, Petrobras’s AI-generated cybersecurity score is 752, reflecting their Fair security posture.
How many security badges does Petrobras’ have ?
According to Rankiteo, Petrobras currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Petrobras have SOC 2 Type 1 certification ?
According to Rankiteo, Petrobras is not certified under SOC 2 Type 1.
Does Petrobras have SOC 2 Type 2 certification ?
According to Rankiteo, Petrobras does not hold a SOC 2 Type 2 certification.
Does Petrobras comply with GDPR ?
According to Rankiteo, Petrobras is not listed as GDPR compliant.
Does Petrobras have PCI DSS certification ?
According to Rankiteo, Petrobras does not currently maintain PCI DSS compliance.
Does Petrobras comply with HIPAA ?
According to Rankiteo, Petrobras is not compliant with HIPAA regulations.
Does Petrobras have ISO 27001 certification ?
According to Rankiteo,Petrobras is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Petrobras
Petrobras operates primarily in the Oil and Gas industry.
Number of Employees at Petrobras
Petrobras employs approximately 53,942 people worldwide.
Subsidiaries Owned by Petrobras
Petrobras presently has no subsidiaries across any sectors.
Petrobras’s LinkedIn Followers
Petrobras’s official LinkedIn profile has approximately 3,611,728 followers.
NAICS Classification of Petrobras
Petrobras is classified under the NAICS code 211, which corresponds to Oil and Gas Extraction.
Petrobras’s Presence on Crunchbase
No, Petrobras does not have a profile on Crunchbase.
Petrobras’s Presence on LinkedIn
Yes, Petrobras maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/petrobras.
Cybersecurity Incidents Involving Petrobras
As of December 14, 2025, Rankiteo reports that Petrobras has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Petrobras has an estimated 10,552 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Petrobras ?
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware.
How does Petrobras detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with no public comment as of disclosure, communication strategy with media outreach by hackread.com for statement..
Incident Details
Can you provide details on each incident ?
Title: Everest Ransomware Group Targets Petrobras in Alleged Data Breach Involving Seismic Survey Data
Description: The Everest ransomware group listed two separate entries on its dark web leak site, both targeting Petrobras, a Brazilian state-owned petroleum corporation. The group claims to have stolen over 176 GB of seismic navigation data, including highly sensitive technical information related to Petrobras and its partner firm, SAExploration. The data includes ship positioning, equipment configurations, hydrophone readings, depth measurements, quality control documents, metadata, and processed reports. The group has demanded Petrobras contact them via Tox within four days or face further action. The breach could enable competitors to replicate Petrobras’ methods, lower their own costs, or gain leverage in contract negotiations.
Date Publicly Disclosed: 2025-11-14
Type: data breach
Threat Actor: Everest Ransomware Group
Motivation: financial gaindata exfiltration for competitive advantage
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Ransomware.
Impact of the Incidents
What was the impact of each incident ?
Incident : data breach PET1592215112025
Data Compromised: Seismic navigation data (176 gb total), Ship positioning, Equipment configurations, Hydrophone readings, Depth measurements, Quality control documents, Metadata, Processed reports, 3d/4d seismic survey data (90 gb), Ship coordinates, Source depths, Shot pressures, Equipment alignment, Field survey documentation
Operational Impact: potential replication of Petrobras’ seismic survey methods by competitorslowered costs for competitorsleverage in contract negotiationsstrategic disadvantage in energy sector operations
Brand Reputation Impact: potential damage due to exposure of sensitive industrial datalack of public response may exacerbate reputational harm
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Seismic Navigation Data, Technical Operational Data, 3D/4D Survey Datasets, Quality Control Documents, Metadata, Processed Field Reports and .
Which entities were affected by each incident ?
Incident : data breach PET1592215112025
Entity Name: Petrobras
Entity Type: majority state-owned multinational corporation
Industry: petroleum (oil and gas)
Location: Rio de Janeiro, Brazil
Size: large (multinational)
Incident : data breach PET1592215112025
Entity Name: SAExploration
Entity Type: partner firm
Industry: oil and gas (seismic data services)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : data breach PET1592215112025
Communication Strategy: no public comment as of disclosuremedia outreach by Hackread.com for statement
Data Breach Information
What type of data was compromised in each breach ?
Incident : data breach PET1592215112025
Type of Data Compromised: Seismic navigation data, Technical operational data, 3d/4d survey datasets, Quality control documents, Metadata, Processed field reports
Sensitivity of Data: high (industrial trade secrets, proprietary survey methods, competitive intelligence)
Data Exfiltration: 176 GB total (90 GB directly attributed to Petrobras; additional 90 GB from Campos Basin surveys)
File Types Exposed: databasesdocumentsprocessed reportssurvey progress logsinitial field conclusions
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : data breach PET1592215112025
Ransom Demanded: ['unspecified amount', 'contact via Tox within 4 days']
Ransomware Strain: Everest Ransomware
Data Exfiltration: 176 GB (seismic and survey data)
References
Where can I find more information about each incident ?
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Hackread.comDate Accessed: 2025-11-14.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : data breach PET1592215112025
Investigation Status: ongoing (no public confirmation from Petrobras; media outreach pending)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through No Public Comment As Of Disclosure and Media Outreach By Hackread.Com For Statement.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : data breach PET1592215112025
High Value Targets: Seismic Survey Databases, Proprietary Oil/Gas Exploration Data,
Data Sold on Dark Web: Seismic Survey Databases, Proprietary Oil/Gas Exploration Data,
Additional Questions
General Information
What was the amount of the last ransom demanded ?
Last Ransom Demanded: The amount of the last ransom demanded was ['unspecified amount', 'contact via Tox within 4 days'].
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Everest Ransomware Group.
Incident Details
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-11-14.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were seismic navigation data (176 GB total), ship positioning, equipment configurations, hydrophone readings, depth measurements, quality control documents, metadata, processed reports, 3D/4D seismic survey data (90 GB), ship coordinates, source depths, shot pressures, equipment alignment, field survey documentation and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were metadata, processed reports, equipment configurations, 3D/4D seismic survey data (90 GB), ship positioning, quality control documents, depth measurements, shot pressures, source depths, hydrophone readings, seismic navigation data (176 GB total), field survey documentation, equipment alignment and ship coordinates.
Ransomware Information
What was the highest ransom demanded in a ransomware incident ?
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was ['unspecified amount', 'contact via Tox within 4 days'].
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Hackread.com.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is ongoing (no public confirmation from Petrobras; media outreach pending).
.png)
Latest Global CVEs (Not Company-Specific)
Description
A weakness has been identified in itsourcecode Online Pet Shop Management System 1.0. This vulnerability affects unknown code of the file /pet1/addcnp.php. This manipulation of the argument cnpname causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited.
Risk Information
cvss2
Base: 2.6
Severity: HIGH
AV:N/AC:H/Au:N/C:N/I:P/A:N
cvss3
Base: 3.7
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
cvss4
Base: 6.3
Severity: HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A weakness has been identified in code-projects Student File Management System 1.0. This issue affects some unknown processing of the file /admin/update_student.php. This manipulation of the argument stud_id causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A security flaw has been discovered in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/save_user.php. The manipulation of the argument firstname results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was identified in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/update_user.php. The manipulation of the argument user_id leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=petrobras' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
