Sarcoma Ransomware Unveiled: Anatomy of a Double Extortion Gang
May 21, 2025, 9:52 p.m.
Description
Sarcoma Ransomware, first detected in October 2024, has rapidly become a major cybersecurity threat, targeting high-value companies across industries. It uses advanced tactics such as zero-day exploits and abuse of RMM tools for network discovery and credential theft. The group has impacted organizations in several countries, with the USA, Italy, and Canada the most affected. Sarcoma employs sophisticated encryption, combining RSA and ChaCha20, and has versions for both Windows and Linux systems. The malware includes network propagation capabilities and anti-recovery measures aimed at hypervisor systems. Notably, it avoids infecting systems with Uzbek keyboard layouts, suggesting possible origins or affiliations. The group's activities highlight the need for improved cybersecurity measures in organizations worldwide.
Tags
Date
- Created: May 20, 2025, 7:18 p.m.
- Published: May 20, 2025, 7:18 p.m.
- Modified: May 21, 2025, 9:52 p.m.
Indicators
- 7ea6af07ca9ed77934b2398e898afe4eaa13d29022fcf5da33254769ad284d75
- 6669cfeba5619b6f4d80b1281adfe69c87d845ebaaf9e83c25efa01a8267e751
Additional Information
- Australia
- Spain
- Italy
- Canada
- United Kingdom of Great Britain and Northern Ireland
- Brazil
- United States of America