Ransomware Attack on InCare Technologies by Sarcoma Group

Incident Date: October 9, 2024

Overview

Title: Ransomware Attack on InCare Technologies by Sarcoma Group

Victim: InCare Technologies

Attacker: Sarcoma

Location: Birmingham, USA; Alabama, USA

First Reported: October 9, 2024

InCare Technologies, a managed service provider based in Birmingham, Alabama, has recently fallen victim to a ransomware attack orchestrated by the newly emerged cybercriminal group known as "Sarcoma." This incident highlights the increasing threat posed by ransomware groups and underscores the importance of effective cybersecurity measures.

About InCare Technologies

InCare Technologies is a prominent managed service provider specializing in delivering comprehensive IT solutions to small and medium-sized businesses, including sectors such as healthcare, education, and local government. The company offers a range of services, including managed IT services, cybersecurity solutions through its InShield service, and integrated IT management via InCare 360. With an annual revenue of $25.7 million and approximately 31 employees, InCare Technologies is recognized for its commitment to high-quality IT solutions and customer support.

Details of the Attack

The ransomware attack on InCare Technologies was claimed by the Sarcoma group on their dark web leak site. This places InCare among over 30 organizations targeted by Sarcoma. The attack involved data exfiltration, a common tactic used by ransomware groups to coerce victims by threatening to leak sensitive information if ransom demands are not met. The specifics of the data compromised in this attack have not been disclosed, but the incident underscores the vulnerabilities faced by managed service providers in safeguarding client data.

Profile of the Sarcoma Ransomware Group

Sarcoma is a recently emerged ransomware group that has quickly gained notoriety for its aggressive tactics and significant data breaches. The group has targeted a diverse range of industries, with a slight preference for victims in the USA, Canada, Australia, and Spain. Sarcoma distinguishes itself by not publicly listing ransom amounts, instead leveraging data leaks as a primary means of coercion. The group operates a darknet leak site where it lists its victims and provides evidence of stolen data, promoting itself as a means to highlight poor security practices among organizations.

Potential Vulnerabilities and Penetration Methods

While the exact method of penetration used by Sarcoma in the attack on InCare Technologies is not publicly known, ransomware groups typically gain access through weaknesses in network security such as unpatched software and weak passwords, or through phishing attacks. Managed service providers like InCare, which handle sensitive data for multiple clients, are particularly attractive targets for ransomware groups due to the potential impact of a successful breach.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.