Threat Group Profile

Sarcoma Ransomware

Professional Services & Manufacturing

Overview

Sarcoma is a prolific ransomware group operating a leak site with a large victim portfolio spanning multiple industries and geographies. They employ double extortion — stealing data before encrypting systems and threatening to publish if ransom demands go unpaid.

Tactics, Techniques & Procedures

Double extortion, custom ransomware payload, data exfiltration prior to encryption

Primary Targets

Manufacturing, Healthcare, Professional Services

Indicators of Compromise

  • Custom ransomware binary
  • Cobalt Strike post-exploitation
  • Rclone for data exfiltration

MITRE ATT&CK Techniques

  • T1486 Data Encrypted for Impact
  • T1041 Exfiltration Over C2 Channel
  • T1059 Command and Scripting Interpreter

Quick Reference

Status: ACTIVE
Type: Ransomware / Data Extortion
First Seen: 2023
Victims Tracked: 40

Dark Web Presence

  • http://sarcomawmawlhov7o5mdhz4eszxxlkyaoiyiy2b5iwxnds2dmb4jakad.onion

Under Attack?

If you believe Sarcoma has targeted your organisation, contact Binary Response immediately.


Related Threat Actors

  • LockBit
  • Rhysida
  • Akira
  • DragonForce