Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
The Sarcoma ransomware group has claimed a cyber attack on NSW-based organisation TMA Group of Companies (TMA).
TMA is a Sydney-based company made up of 12 companies that provide “products and services to industries including airlines, airports, FMCG, manufacturing, retail, higher education, telecoms, government, packaging, logistics and many more”.
Sarcoma listed TMA on its dark web leak site last week, claiming to have exfiltrated 1.1 terabytes of data.
Within the listing is a sample of the allegedly exfiltrated data that includes budget documents, passport scans, and confidential documents.
While Sarcoma did not disclose a ransom amount, it set a countdown timer for the release of the data, which is less than two days at the time of writing.
Responding to Cyber Daily, TMA revealed that it had suffered a partial outage and that unauthorised access had occured.
“Parts of our network, outside of our manufacturing and warehousing operations, were impacted by an outage recently," said a TMA spokesperson.
"Our standard response to any network outage is to immediately engage external advisors to undertake a forensic review of our IT system.
"They determined that our network was accessed by an unauthorised party.
The investigation is ongoing but we do not anticipate our clients being directly impacted by this incident.”
Sarcoma is a relatively new ransomware outfit, having first been observed in October 2024. Despite that, according to Rapid7’s principal threat analyst Matt Green, the gang is “rapidly gaining attention with the public posting of multiple victims on its leak site”.
“Sarcoma employs a double-extortion strategy, combining ransomware encryption with data exfiltration to pressure organisations into paying ransom,” Green said.
Security analysts believe Sarcoma is based somewhere in eastern Europe and that it may have links to another, pre-existing group operating in the same region.
Earlier this month, Sarcoma claimed a cyber attack on the New Zealand hardware chain The ToolShed.
The ToolShed is a supplier of a broad range of hardware brands as well as its own home brand of tools. It operates more than 25 storefronts in both the North and South Islands.
Within the listing, the group claimed to have stolen 160 gigabytes of data. While the group once again did not disclose a ransom, it set a deadline for data publication, which has since expired. The group has since leaked the allegedly stolen data.
The ToolShed has yet to publicly acknowledge the alleged breach.
Update - 14/04/2025: Added TMA's statement.
Be the first to hear the latest developments in the cyber industry.
