Australian Ransomware Update - 15th October 2024

This week we witnessed three ransomware incidents, all on the 9th of October, and all by the same group. Allow us to introduce you to Sarcoma, who this past week initiated three ransomware attacks against a manufacturing business, a transportation and logistic business and a fruit and vegetable provider. We have reviewed the data leaks, and confirm evidence of personal identifiable information, compromising personal information, for two of the three attacks, with one victim no longer appearing on the ransomware group page, suggesting the ransom has been paid. This is something we never encourage, and it is not uncommon to see a secondary attack launched if a random has been successful.

A relatively new group, appearing only in research commencing this month. This group undertakes traditional ransomware attacks, but so far has 12% of their attacks against Australia. USA represent the most interest to the group with 32% of attacks being against victims in this location.

Without knowing the details of the attack, it does appear likely the initial entry point was through social engineering exercises, such as phishing, or potentially a malware infection. Again, this is just an assumption based on the evidence presented by the group.

The ability of a new group to enter the ransomware marketplace only evidences how lucrative this 'industry' is, and why we need to be especially carefully and vigilant with our devices and data.

If you have any queries in regard to our research, or need assistance in protecting or investigating your business assets, please do reach out.