Share this article on:
Powered by MOMENTUMMEDIA
Breaking news and updates daily.
New Zealand hardware chain impacted by alleged 160-gigabyte data breach, employee passports compromised.
The Sarcoma ransomware operation has listed the Kiwi hardware chain The ToolShed as a victim on its darknet leak site, claiming to have stolen 160 gigabytes of data.
The leak post was made on 4 April and the hackers are planning to publish the data within five days as of the time of writing.
Sarcoma has not listed a ransom demand, but the gang has shared several documents allegedly stolen during the attack, which include financial documents and scans of several New Zealand passports that appear to belong to employees of The ToolShed.
Cyber Daily has contacted The ToolShed for comment but has yet to receive a response.
Sarcoma is a relatively new ransomware outfit, having first been observed in October 2024. Despite that, according to Rapid7’s principal threat analyst Matt Green, the gang is “rapidly gaining attention with the public posting of multiple victims on its leak site”.
“Sarcoma employs a double-extortion strategy, combining ransomware encryption with data exfiltration to pressure organisations into paying ransom,” Green said.
Security analysts believe Sarcoma is based somewhere in eastern Europe and that it may have links to another, pre-existing group operating in the same region. Sarcoma’s previous victims in the ANZ region include ADT Freight Services and Micon Office International, which were both listed on the gang’s website in November 2024. The gang has claimed a total of 85 victims since it first formed.
The ToolShed is a supplier of a broad range of hardware brands as well as its own home brand of tools. It operates more than 25 storefronts in both the North and South Islands.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.