Ransomware Attack on InCare Technologies by Sarcoma Group
Ransomware Attack on InCare Technologies by Sarcoma Group
InCare Technologies, a managed service provider based in Birmingham, Alabama, has recently fallen victim to a ransomware attack orchestrated by the newly emerged cybercriminal group known as "Sarcoma." This incident highlights the increasing threat posed by ransomware groups and underscores the importance of effective cybersecurity measures.
About InCare Technologies
InCare Technologies is a prominent managed service provider specializing in delivering comprehensive IT solutions to small and medium-sized businesses, including sectors such as healthcare, education, and local government. The company offers a range of services, including managed IT services, cybersecurity solutions through its InShield service, and integrated IT management via InCare 360. With an annual revenue of $25.7 million and approximately 31 employees, InCare Technologies is recognized for its commitment to high-quality IT solutions and customer support.
Details of the Attack
The ransomware attack on InCare Technologies was claimed by the Sarcoma group on their dark web leak site. This places InCare among over 30 organizations targeted by Sarcoma. The attack involved data exfiltration, a common tactic used by ransomware groups to coerce victims by threatening to leak sensitive information if ransom demands are not met. The specifics of the data compromised in this attack have not been disclosed, but the incident underscores the vulnerabilities faced by managed service providers in safeguarding client data.
Profile of the Sarcoma Ransomware Group
Sarcoma is a recently emerged ransomware group that has quickly gained notoriety for its aggressive tactics and significant data breaches. The group has targeted a diverse range of industries, with a slight preference for victims in the USA, Canada, Australia, and Spain. Sarcoma distinguishes itself by not publicly listing ransom amounts, instead leveraging data leaks as a primary means of coercion. The group operates a darknet leak site where it lists its victims and provides evidence of stolen data, promoting itself as a means to highlight poor security practices among organizations.
Potential Vulnerabilities and Penetration Methods
While the exact method of penetration used by Sarcoma in the attack on InCare Technologies is not publicly known, ransomware groups typically exploit vulnerabilities in network security, such as unpatched software, weak passwords, or phishing attacks. Managed service providers like InCare, which handle sensitive data for multiple clients, are particularly attractive targets for ransomware groups due to the potential impact of a successful breach.
Sources
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!