EasyPay Hit by Sarcoma Ransomware Attack
Ransomware Attack on EasyPay by Sarcoma Group
EasyPay, a prominent payment institution based in Portugal, has recently fallen victim to a ransomware attack orchestrated by the newly emerged cybercriminal group known as Sarcoma. This incident underscores the growing threat landscape in the cybersecurity domain, particularly for financial institutions.
About EasyPay
Established in 2007, EasyPay operates as a Merchant Agent for Visa and a Payment Facilitator for Mastercard. The company has carved a niche in the financial technology sector by offering a comprehensive suite of payment solutions, including credit and debit card processing, local payment options like Multibanco, and modern solutions such as Apple Pay and Google Pay. EasyPay's innovative features, such as the Pay by Link service and automated recurring payments, have positioned it as a key player in the digital payments landscape in Portugal and beyond. Despite its reliance on digital infrastructure, EasyPay remains vulnerable to cyber threats.
Details of the Attack
The Sarcoma ransomware group has listed EasyPay among over 30 victims on its dark web portal. The attack highlights the group's aggressive tactics and its focus on exploiting vulnerabilities in financial institutions. While specific details of the data compromised have not been disclosed, the inclusion of EasyPay on Sarcoma's list suggests a significant breach. The attack is part of a broader campaign by Sarcoma, which has targeted various industries across different regions.
Profile of the Sarcoma Ransomware Group
Sarcoma is a relatively new player in the ransomware landscape, having emerged in October 2024. The group has quickly gained notoriety for its double extortion strategy, which involves both encrypting data and threatening to leak it publicly. Sarcoma distinguishes itself by not publicly listing ransom amounts, instead leveraging data leaks as a primary means of coercion. The group's operations span multiple regions, with a slight preference for targets in the USA, Canada, Australia, and Spain.
Potential Vulnerabilities and Penetration Tactics
While the exact method of penetration into EasyPay's systems remains unclear, common vulnerabilities in financial institutions include outdated software, insufficient network segmentation, and inadequate employee training on phishing attacks. Sarcoma likely exploited one or more of these weaknesses to gain access to EasyPay's sensitive data. The attack serves as a stark reminder of the importance of cybersecurity measures in protecting financial institutions from emerging threats.
Sources
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!