The Sarcoma ransomware group has allegedly added four German companies to its data leak site, claiming to have exfiltrated a significant amount of data from their networks. The threat actor has listed Pfullendorfer Tor-Systeme, KWG mbH, F1-Generation GmbH, and IAD GmbH as its latest victims, threatening to release the stolen files. This series of alleged attacks targets a diverse set of industries within Germany, from manufacturing and real estate to fashion and IT services.
The victims represent various sectors of the German economy, highlighting the indiscriminate nature of ransomware attacks. The targeted organizations allegedly include:
- 🇩🇪 Pfullendorfer Tor-Systeme: A manufacturer of garage door systems with over 70 years of history and more than 400,000 customers. The group claims to have stolen a 643 GB archive containing files and Exchange data.
- 🇩🇪 KWG mbH: A modern housing service company managing residential and commercial properties in the Senftenberg region. A 989 GB archive containing files, SQL databases, and Exchange data was allegedly exfiltrated.
- 🇩🇪 F1-Generation GmbH: A distributor for over 10 international fashion brands in the European market, managing lingerie, swimwear, and accessories. The breach allegedly involves a 520 GB archive of files and SQL data.
- 🇩🇪 IAD GmbH: An IT service provider offering training, certification, and consulting, with test centers in several German cities. The attackers claim to possess a 43 GB archive with files, SQL databases, and Exchange data.
The publication of these companies on the ransomware group’s leak site serves as a pressure tactic to compel the victims into paying a ransom. If negotiations fail or no payment is made, the Sarcoma group will likely leak the stolen data publicly, posing a significant risk to the companies’ privacy, operations, and reputation. The variety in the size and type of data allegedly stolen indicates a comprehensive compromise of each company’s digital infrastructure.
