EasyPay Hit by Sarcoma Ransomware Attack

Incident Date: October 9, 2024


Overview

Title: EasyPay Hit by Sarcoma Ransomware Attack

Victim: EasyPay

Attacker: Sarcoma

Location: Lisboa, Portugal

First Reported: October 9, 2024

Ransomware Attack on EasyPay by Sarcoma Group

EasyPay, a prominent payment institution based in Portugal, has recently fallen victim to a ransomware attack orchestrated by the newly emerged cybercriminal group known as Sarcoma. This incident underscores the growing threat landscape in the cybersecurity domain, particularly for financial institutions.

About EasyPay

Established in 2007, EasyPay operates as a Merchant Agent for Visa and a Payment Facilitator for Mastercard. The company has carved a niche in the financial technology sector by offering a comprehensive suite of payment solutions, including credit and debit card processing, local payment options like Multibanco, and modern solutions such as Apple Pay and Google Pay. EasyPay's innovative features, such as the Pay by Link service and automated recurring payments, have positioned it as a key player in the digital payments landscape in Portugal and beyond. Its reliance on digital infrastructure leaves EasyPay exposed to cyber threats.

Details of the Attack

The Sarcoma ransomware group has listed EasyPay among over 30 victims on its dark web portal. The attack highlights the group's aggressive tactics and its focus on exploiting vulnerabilities in financial institutions. While specific details of the data compromised have not been disclosed, the inclusion of EasyPay on Sarcoma's list suggests a significant breach. The attack is part of a broader campaign by Sarcoma, which has targeted various industries across different regions.

Profile of the Sarcoma Ransomware Group

Sarcoma is a relatively new player in the ransomware landscape, having emerged in October 2024. The group has quickly gained notoriety for its double extortion strategy, which involves both encrypting data and threatening to leak it publicly. Sarcoma distinguishes itself by not publicly listing ransom amounts, instead leveraging data leaks as a primary means of coercion. The group's operations span multiple regions, with a slight preference for targets in the USA, Canada, Australia, and Spain.

Potential Vulnerabilities and Penetration Tactics

While the exact method of penetration into EasyPay's systems remains unclear, common vulnerabilities in financial institutions include outdated software, insufficient network segmentation, and inadequate employee training on phishing attacks. Sarcoma likely exploited one or more of these weaknesses to gain access to EasyPay's sensitive data. The attack serves as a stark reminder of the importance of cybersecurity measures in protecting financial institutions from emerging threats.
