Cyber Incident Victim: Rede Record
Date: Oct 2022
Location: Brazil
Summary
RecordTV experienced a ransomware attack by the ALPHV (BlackCat) group, disrupting programming and leading to a ransom demand of approximately $5 million for a decryptor and non-disclosure of stolen data. The attackers leaked proof-of-access files, including sensitive documents such as spreadsheets, a passport belonging to a prominent presenter, and litigation-related materials. Despite the operational impact and public exposure of data, the victim organization did not issue any official statements or acknowledge the incident via its website, social media, or responses to inquiries, while the threat actors claimed negotiations were ongoing without providing further details.
Description
On or around October 8, 2022, the Brazilian television network RecordTV suffered a ransomware attack claimed by the ALPHV group, also known as BlackCat. The attackers encrypted the company’s systems and demanded approximately $5 million in exchange for a decryptor and a promise not to leak stolen data. ALPHV provided evidence of network compromise by publicly releasing eight files allegedly exfiltrated from RecordTV’s systems. These files included internal spreadsheets, litigation documents related to an employee dispute, and a passport belonging to a well-known presenter affiliated with the network. The attack disrupted RecordTV’s regular programming operations, though the full technical scope of affected systems was not detailed in public statements. RecordTV did not issue any public acknowledgment of the incident via its website, social media channels, or direct communications with media outlets like DataBreaches.net, which attempted to contact the company via email but received no response.

ALPHV representatives confirmed via Tox chat that negotiations with RecordTV were ongoing but declined to disclose specific details beyond stating, "We are negotiating." The ransomware group’s initial data leak of the eight proof-of-hack files occurred in mid-October 2022, shortly before October 21, but no subsequent leaks or updates were documented in the available sources. RecordTV’s operational disruptions persisted through at least October 21, with no restoration timeline or mitigation measures disclosed by the company. The compromise of the presenter’s passport and litigation records indicated the exfiltration of sensitive personnel and legal documents, though the total volume of stolen data remained unconfirmed. No further communication from RecordTV regarding data recovery, ransom payment, or system restoration was observed in the documented timeline, leaving the final resolution of the incident unclear based on available evidence.
