Back to Blog
high severity June 02, 2026 · scope unconfirmed

conduril.pt Listed by settra Ransomware Group

CONDURIL: WHAT THE COMPANY THAT BUILDS EVERYTHING IS BUILDING PROLOGUE: A FOUNDATION OF PAPER Condur...

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed June 02, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On June 2, 2026, Portuguese construction and engineering firm Conduril appeared on the leak site of the ransomware group known as settra, with attackers claiming to have exfiltrated internal company files.

Confirmed Facts from Reporting

Public reporting indicates the incident stems from a ransomware attack on Conduril’s systems. The company, which operates in heavy construction, engineering, and infrastructure projects, had internal documents posted as proof of the breach. Available reporting describes the data as internal files, though the exact volume and full list of contents remain unclear from the initial leak page. No confirmed total of affected individuals has been released, and the company has not yet issued a detailed public statement on the scope. The listing appeared on the group’s onion site, a common tactic used to pressure victims into payment.

Why This Matters for You and Your Family

When a company like Conduril suffers a breach, the information inside its files can easily include details about employees, subcontractors, suppliers, and their families. Internal files often contain contracts, HR records, invoices, contact lists, and project documents that list names, addresses, identification numbers, and financial information. If any of these records relate to you or someone in your household — perhaps through employment, a past project, or a family member’s job — your personal data may now sit on a ransomware leak site. Once posted, that information rarely disappears completely and can be downloaded by anyone with basic technical skills.

Credential leaks from such incidents frequently cascade into account takeovers elsewhere. Passwords or email addresses reused across services become entry points for attackers targeting personal accounts, including online banking, government portals, or family email.

The Doxxing and Identity-Chain Implications

Ransomware groups rarely stop at posting raw files. They often comb through stolen data to map connections between corporate identities and personal ones. A single leaked work email can link to your personal social media, phone number, or children’s accounts. This creates what security analysts call an identity chain — one breach feeding multiple follow-on attacks including doxxing, identity theft, and targeted phishing. Gaming accounts belonging to you or your children are particularly vulnerable because they frequently share the same email addresses or passwords used for work-related services. A compromised child’s gaming handle can quickly expose the family home address or parent names when linked back to the corporate breach data.

Settra’s Publicly Known Track Record

Public reporting attributes the attack to the settra ransomware group. The group emerged in recent years and has targeted organizations across multiple sectors by gaining initial access through common vectors such as phishing or exploited remote desktop services. Once inside, they exfiltrate data before encrypting systems. Their typical playbook involves posting samples of stolen files on their leak site and threatening full publication or sale of the data if the victim does not pay an extortion demand. Notable prior victims have included companies in manufacturing, logistics, and professional services, though exact details vary across incident reports.

What to do

  • Run a DoxxScan to map every link between your emails, phone numbers, usernames, and real-world identity so you can see exactly what this breach may have exposed about you and your family.
  • Rotate any password you used at Conduril or related services anywhere it has been reused, and switch on two-factor authentication through an authenticator app rather than SMS.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next time your information surfaces you learn within hours instead of months.
  • Cover the entire household with DoxxScan family protection, which extends to dependents and children’s gaming accounts that often chain back to the same addresses and credentials.
  • Let DoxxScan remediation specialists handle takedown requests and broker removals for you while you focus on securing accounts and talking with your family about safer password habits.

The Conduril breach is a reminder that corporate ransomware attacks increasingly pull ordinary families into the crosshairs through employment or vendor ties. Taking concrete steps now limits how far attackers can travel down the identity chain created by this and future leaks. Start your DoxxScan trial and use its continuous monitoring across 15.4B+ breach records and 100+ platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and family coverage including children’s gaming accounts to reduce your exposure.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.