Quick Summary
Executive Summary
Petra Diamonds Limited, a UK-based energy sector company, was listed as a victim by the Settra ransomware group on June 30, 2026. The listing was discovered through SOCRadar’s Dark Web Monitoring. Settra primarily targets US companies in the business services, technology, and consumer services sectors; Petra Diamonds is a larger UK enterprise, which fits the group’s opportunistic listing pattern rather than its usual profile. Settra claimed 15 other victims in the 60 days preceding this listing. Although its victims are typically smaller and US-based, the group’s pattern is consistent: obtain initial access, then deploy ransomware.
Technical Analysis
SOCRadar’s analysis of stealer-log telemetry revealed a significant exposure for the petradiamonds.com domain: 25 records were identified that use corporate email addresses. Seven of these records exposed credentials for organizational access points, including an Identity Provider (IdP), the Mimecast email gateway, and an API belonging to the target. A further eighteen records showed the same corporate credentials harvested from various third-party sites, indicating widespread endpoint compromise and credential reuse. The exposed credentials were observed as valid from February to June 23, 2026, which suggests ongoing or unrotated exposure.

For ransomware groups like Settra, credentials obtained from infostealer logs are a common initial access vector. Threat actors or brokers source these logs from underground marketplaces, validate corporate credentials, and use them to gain access via Microsoft 365, VPNs, or remote access portals before deploying ransomware. Although the credentials in this specific incident have not been confirmed as used by Settra, the exposure of corporate IdP, email-gateway, and API credentials aligns with the typical kill chain exploited by such groups.

CTI teams are advised to prioritize password resets and Multi-Factor Authentication (MFA) for the affected accounts, conduct forensic reviews of the implicated endpoints, and audit authentication logs for the IdP and email gateway.
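As an added example (not SOCRadar’s tooling, and not code from the report), the audit step recommended above can be scripted: take the accounts seen in stealer logs together with the date each was first observed, then scan IdP sign-in events for successful logins by those accounts on or after that date, flagging non-MFA logins as high priority. The account names, dates, IP addresses and JSON-lines log format are constructed placeholders; a real IdP export will need its own field mapping.

```python
import json
from datetime import datetime

# Constructed stealer-log exposure records (placeholder data, not real):
# account -> date the credential was first observed in a stealer log.
EXPOSED_ACCOUNTS = {
    "alice@petradiamonds.com": "2026-02-03",
    "bob@petradiamonds.com": "2026-05-19",
}

# Constructed IdP sign-in events as JSON lines (placeholder data, not real).
SAMPLE_AUTH_LOG = """
{"ts":"2026-01-20T08:01:00Z","user":"alice@petradiamonds.com","result":"success","mfa":true,"ip":"203.0.113.10"}
{"ts":"2026-03-02T22:14:00Z","user":"Alice@petradiamonds.com","result":"success","mfa":false,"ip":"198.51.100.7"}
{"ts":"2026-05-21T03:40:00Z","user":"bob@petradiamonds.com","result":"success","mfa":true,"ip":"203.0.113.11"}
{"ts":"2026-05-22T03:41:00Z","user":"bob@petradiamonds.com","result":"failure","mfa":false,"ip":"198.51.100.8"}
{"ts":"2026-06-01T09:00:00Z","user":"carol@petradiamonds.com","result":"success","mfa":false,"ip":"203.0.113.12"}
"""


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp ('Z' suffix) into a timezone-aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def find_suspect_logins(log_text, exposed):
    """Return successful sign-ins by exposed accounts that occurred on or after the
    account's first stealer-log sighting. Logins without MFA are rated 'high'."""
    first_seen = {user.lower(): parse_ts(day + "T00:00:00Z") for user, day in exposed.items()}
    findings = []
    for line in log_text.strip().splitlines():
        event = json.loads(line)
        user = event["user"].lower()          # normalise case before matching
        if user not in first_seen or event["result"] != "success":
            continue
        if parse_ts(event["ts"]) < first_seen[user]:
            continue                           # predates the exposure window
        findings.append({
            "user": user,
            "ts": event["ts"],
            "ip": event["ip"],
            "severity": "high" if not event["mfa"] else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in find_suspect_logins(SAMPLE_AUTH_LOG, EXPOSED_ACCOUNTS):
        print(finding)
```

Each flagged event is a candidate for forensic review of the source endpoint and an immediate credential reset, with the high-severity (no MFA) entries handled first.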