Cyber Incident Victim: Cementos Progreso
Date: Apr 2023
Location: Guatemala
Summary
Cementos Progreso, a Guatemalan cement company, was claimed as a victim by the BlackCat ransomware group. The threat actors added the firm to their data leak site and offered internal company documents as proof of their claim. The victim organization did not publicly acknowledge the incident and did not respond to inquiries. The listing for this company was subsequently removed from the threat actor's site.
Description
On or around April 21, 2023, the ransomware group known as BlackCat added the Guatemalan company Cementos Progreso to its data leak site. Cementos Progreso is a cement manufacturer with a business presence in seven Latin American countries. The threat actors provided samples of data allegedly exfiltrated from the company's network as proof of their claim. These sample files consisted of internal company documents. The specific nature of these documents or the total volume of data stolen was not detailed in the public claim by the threat actors. There was no public statement from BlackCat regarding the initial attack vector used to gain access to Cementos Progreso's systems, nor was there any mention of encryption occurring during the incident, suggesting the attack may have been solely a data extortion event.

Following the appearance of the claim on the leak site, attempts were made by an independent security news outlet, DataBreaches, to contact Cementos Progreso for confirmation. Emails were sent to the company on April 21, 2023, and again on April 24, 2023. The company did not respond to these initial inquiries. Concurrently, an examination of the company's official public-facing communication channels was conducted. No notice of a cybersecurity incident, data breach, or any form of IT disruption was found on the Cementos Progreso website or its associated social media networks during this time period. The absence of a public statement from the victim company and its lack of response to media inquiries left the threat actors' claims unverified by the organization itself.
A significant development occurred on April 27, 2023, when the listing for Cementos Progreso was removed from BlackCat's leak site. The deletion of a victim listing from a ransomware group's site can sometimes indicate that a ransom has been paid, that negotiations are ongoing, or that the initial claim was erroneous. However, no official reason for the removal was provided by BlackCat. Furthermore, Cementos Progreso did not issue any public communication explaining the removal of the listing or confirming any aspect of the incident. The company's continued silence meant the status of any potentially stolen data remained unclear, including whether it was ever leaked or destroyed following the listing's removal.
The impact of the incident on Cementos Progreso's operations was not publicly disclosed. There were no reports of production halts, logistical disruptions, or service outages attributable to a cyber attack. The lack of an official statement from the company means the full scope and consequences of the event cannot be definitively confirmed. Potential impacts, such as the exposure of sensitive internal business information contained within the stolen documents or reputational damage stemming from the public attack claim, remain possible but unverified outcomes. The incident involving Cementos Progreso was one of several attacks claimed by the BlackCat group around the same timeframe, including similar claims against other Latin American companies like Saville Row in Chile and Seguros la Occidental in Venezuela. The group employed a consistent tactic of threatening to leak or sell exfiltrated data to pressure its victims into paying a ransom.
