Arsenal Exploits TTP Matrix KillChain Mapa Actores SSLBL RansomLook Ransomwhere Alertas CyberNews

sarcoma

4 incidentes 4 paises 3 sectores ransomware UZ Ultimo: 2026-06-25

Sarcoma ransomware group, first identified in October 2024, operates as a financially motivated threat actor primarily employing a double extortion model to maximize profit from its victims. The group's operational patterns, including the observed avoidance of infecting systems with Uzbek keyboard layouts, suggest its core operators may be located in Uzbekistan or the broader CIS region. Sarcoma quickly rose to prominence due to its aggressive campaigns and a tightly controlled operational structure managed by a compact core team, which allows for disciplined execution often not seen in newly emerged ransomware groups. It is known for rapidly escalating its victim count and is reportedly capable of utilizing zero-day exploits in its attacks, a characteristic that differentiates it from many other ransomware operations.

RansomLook pivots

Data, inteligencia y referencias externas para contrastar actividad ransomware del actor.

Abrir perfil →

Data

Recent Browse Trending Stats

Intel

Group URLs Crypto Leaks Notes Analyses Torrents

Info

API Glossary About

Victimas

TTPs unicas

Info robada historica

1.62 TB

Rescates reclamados

N/D

Pagos detectados

N/D

TTPs observadas

T1566 Phishing

Paises afectados

Argentina (1)

Canada (1)

Italy (1)

United States (1)

Paises objetivo (SOCRadar)

United Arab Emirates

Argentina

Austria

Australia

Bangladesh

Belgium

BulgariaBolivia, Plurinational State of

Brazil

Canada

Sectores atacados

Technology (2) Energy (1) Healthcare (1)

Sectores objetivo (SOCRadar)

Construction of BuildingsFood ManufacturingOther Information ServicesCredit UnionsSoftware PublishersReal EstateHospitalsAccommodationAir TransportationManufacturing