Back to Blog
high severity July 18, 2026 · scope unconfirmed

NewNet Listed by dragonforce Ransomware Group

⚠ Were you caught in this breach?
Check your email against 15.4B+ leaked records in 15 seconds — free, no signup.
Scan my email — free → Instant · no account

NewNet S.A. is a Colombian company specializing in managing IT risks, offering advanced and personalized data protection services. Their extensive range of services includes information security, cybersecurity, business continuity, and governance, risk, and compliance (GRC) solutions. They cater to various sectors, providing consulting, technology, and managed services to ensure optimal IT operations for their clients. With a commitment to quality and collaboration with recognized manufacturers, NewNet S.A. has been delivering reliable and secure technology solutions since 1996

NewNet Listed by dragonforce Ransomware Group
Severity High
Disclosed July 18, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On July 18, 2026, NewNet S.A., a Colombian IT risk management and cybersecurity services provider established in 1996, appeared on the leak site operated by the dragonforce ransomware group. The listing states that internal files were exfiltrated during a ransomware attack. The company, which offers information security, business continuity, governance risk and compliance solutions to clients across multiple sectors, has not yet published a public breach notification quantifying the number of records affected or detailing the precise data categories involved.

Details from the Leak Site Listing

The primary disclosure on the dragonforce leak site indicates that NewNet S.A. suffered a ransomware incident in which attackers successfully exfiltrated internal files. The posting does not specify the volume of data taken, the exact file types exposed, or any ransom demand amount. It simply confirms the breach occurred and that stolen material is now hosted on the group’s extortion platform. Because the listing originates directly from the threat actor’s site, the facts presented here reflect only what the actors themselves chose to publish. No independent regulator filing or customer notification has yet surfaced to add further granularity.

Why This Matters for You and Your Family

When a cybersecurity services company like NewNet is breached, the ripple effects reach far beyond the organization itself. Clients who entrusted the firm with information security and GRC data may now face secondary exposure if those records were among the exfiltrated files. For ordinary people whose employers, healthcare providers, or financial institutions contract with such firms, this means your personal details could be sitting in an attacker-controlled archive even though you never had a direct relationship with NewNet. The disclosure therefore creates an indirect but real risk to households whose data travels through managed service providers.

Doxxing and Identity-Chain Implications

Internal files taken in ransomware attacks frequently contain spreadsheets that map employee names to personal emails, phone numbers, project codes, and partner contact lists. Once published, these details become building blocks for doxxing chains: an attacker links your work email to a personal account, then to a reused password, then to a child’s gaming username that shares the same recovery phone number. The result is a single point of failure that can cascade into account takeovers, SIM-swapping attempts, or targeted extortion. Because NewNet specializes in protecting other organizations, any address books or credential repositories stolen here could accelerate exactly these identity-linkage attacks against you and your family.

Dragonforce’s Publicly Known Track Record

Public reporting attributes the dragonforce ransomware group with emerging in late 2023 and rapidly adopting a double-extortion model that combines data encryption with public leak-site pressure. The group has listed victims ranging from mid-sized manufacturers to technology consultancies, typically gaining initial access through compromised remote desktop credentials or exploited vulnerabilities in internet-facing applications. After exfiltration, dragonforce follows a predictable playbook: it first demands ransom from the victim, then posts samples and eventually bulk downloads on its onion site if payment is not received. The NewNet listing fits this established pattern, though the precise initial access vector used against the Colombian firm remains undisclosed.

What to do

  • Run a DoxxScan to map every link between your handles, emails, phone numbers, and real-world identity, then use the no-subscription cleanup to break those chains.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next exposure surfaces in hours rather than months.
  • Rotate any passwords you previously used at NewNet or its client systems and enforce 2FA through an authenticator app everywhere those credentials were reused.
  • Cover the entire household with DoxxScan family protection, which extends to dependents and children’s gaming accounts that often chain back to the same address or phone number.
  • Let remediation specialists handle data-broker takedown requests and ongoing exposure cleanup on your behalf.

The NewNet breach underscores a hard truth: even companies hired to reduce risk can become the vector that exposes you. A forward-looking defense starts with assuming your information is already circulating and acting immediately to sever the links attackers rely on. DoxxScan by GalaxyWarden delivers exactly that capability through continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts vulnerable to credential-stuffing attacks. Source: dragonforce leak site via ransomware.live

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.