Sarcoma Ransomware Unveiled: Anatomy of a Double Extortion Gang

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

Sarcoma Ransomware, first detected in October 2024, has rapidly become a major cybersecurity threat, targeting high-value companies across industries. It uses advanced tactics such as zero-day exploits and remote monitoring and management (RMM) tools for network discovery and credential theft. The group has impacted organizations in various countries, with the USA, Italy, and Canada being the most affected. Sarcoma combines RSA and ChaCha20 for encryption and has versions for both Windows and Linux systems. The malware includes network propagation capabilities and anti-recovery measures for hypervisor systems. Notably, it avoids infecting systems with Uzbek keyboard layouts, suggesting possible origins or affiliations. The group's activities highlight the need for improved cybersecurity measures in organizations worldwide.

OPENCTI LABELS:

linux,windows,encryption,chacha20,hypervisor,sarcoma ransomware,rsa,network propagation


Open this report in the NetmanageIT OpenCTI public instance using the link below.

NOTE: Use the public read-only user credentials shown on the login page banner.


Sarcoma Ransomware Unveiled: Anatomy of a Double Extortion Gang