Chema Faces Ransomware Threat from Sarcoma Group
Ransomware Attack on Chema by Sarcoma Group
Chema, a leading manufacturer in Peru's construction sector, has allegedly fallen victim to a ransomware attack orchestrated by the Sarcoma group. Known for its high-quality tile setting materials, Chema has been a cornerstone in the industry for over 43 years. The company operates four manufacturing plants and seven warehouses across Peru, ensuring a distribution network that serves various market segments, including home centers and hardware stores.
Chema's Industry Standing and Vulnerabilities
Chema's reputation is built on its commitment to quality and reliability, with products that are well-regarded for their ease of application and effectiveness. This has fostered a loyal customer base and a steady supply chain, crucial in the competitive construction market. However, the company's extensive operational scale and significant market presence also make it an attractive target for cybercriminals. The recent acquisition by Sika AG, a Swiss specialty chemicals company, further underscores Chema's market significance and potential vulnerabilities in cybersecurity.
Attack Overview
The Sarcoma ransomware group has claimed responsibility for exfiltrating 60 GB of sensitive data from Chema. Sarcoma has made the claim publicly by listing Chema as a new victim on its dark web leak site. The compromised data reportedly includes a substantial archive of files, highlighting the potential impact on Chema's operations and data security. The attack underscores the growing threat of ransomware groups targeting key players in various industries.
Sarcoma Ransomware Group
Sarcoma is a relatively new but aggressive ransomware group that emerged in October 2024. The group has quickly established itself as a significant threat, particularly in Australia and New Zealand, by employing a double extortion model. This involves encrypting victims' data and threatening to leak it if the ransom is not paid. Sarcoma distinguishes itself by targeting supply chains and using strong encryption methods, making it difficult for victims to recover their data without paying the ransom.
Potential Penetration Methods
While specific details of how Sarcoma penetrated Chema's systems are not publicly available, the group is known for compromising vendors to gain access to larger networks. Once inside, they use various tools to navigate through systems, escalating privileges and compromising additional devices. This sophisticated approach allows Sarcoma to exfiltrate sensitive information before encrypting files, using this data as leverage in ransom negotiations.