A relatively new ransomware group called Sarcoma claims to have stolen data from four Australian companies, including Road Distribution Services, Perfection Fresh, the Plastic Bag Company and Sydney-based Meshworks.
Aside from the Australian businesses, Sarcoma has listed more than two dozen other companies it says it has taken data from, and has posted samples of some of that data on the dark web. “If you see your company on our website, it means that security was low,” the group says.
“The Sarcoma Group is a relatively new ransomware group that emerged in October 2024,” said Tenable Senior Staff Researcher Satnam Narang. “As of the end of October 2024, the group has listed 38 companies on their data leak site, a place where ransomware groups post information on their alleged victims, teasing some of the stolen information, the amount of data stolen as well as a countdown for when the information will be published if a ransom is not paid. Four of the 38 alleged victims are located in Australia with over 700GB of stolen data from these organisations. So far, only one affected entity has had their data published by the group, while the timer has been paused for another.”
Sarcoma says it has stolen 3.6 gigabytes of data from Sydney-based manufacturer The Plastic Bag Company. Among the sample data published are partial tax file numbers and passport scans. The group has published some personal data relating to employees at Perth-based Road Distribution Services, as well as spreadsheets detailing work with clients, including Coles and Woolworths.
Perfection Fresh has lost 690 gigabytes of data. Sarcoma has released a sample of internal documents as proof of the cyberattack. Among the data stolen from Meshworks is supplier and employee information, including some data connected with tax returns.
“The Sarcoma Group advertises its mission as showing the world ‘how important it is to keep data safe’ and that if a company or website is listed on their data leak site, it is because their ‘security was low.’ They openly work with initial access brokers, what they call ‘interested parties’ as well as ‘aggrieved employees of companies’ to work with them to become ‘stronger and richer’,” Narang added.
“Given that Sarcoma is still a new group, we’re learning about them, including the tactics, techniques, and procedures utilised by the affiliates of the group,” he said. “Because ransomware is one of the most profitable ventures in cybercrime, groups like Sarcoma are a reminder that even with law enforcement action being taken against the bigger ransomware groups, there is still plenty of room for other groups to rise to try to capture a piece of the pie.”