EasyPay Hit by Sarcoma Ransomware Attack

Incident Date: Oct 09, 2024

Attack Overview

VICTIM: EasyPay
INDUSTRY: Finance
LOCATION: Portugal
ATTACKER: Sarcoma
FIRST REPORTED: October 9, 2024

Ransomware Attack on EasyPay by Sarcoma Group

EasyPay, a prominent payment institution based in Portugal, has recently fallen victim to a ransomware attack orchestrated by the newly emerged cybercriminal group known as Sarcoma. This incident underscores the growing threat landscape in the cybersecurity domain, particularly for financial institutions.

About EasyPay

Established in 2007, EasyPay operates as a Merchant Agent for Visa and a Payment Facilitator for Mastercard. The company has carved a niche in the financial technology sector by offering a comprehensive suite of payment solutions, including credit and debit card processing, local payment options like Multibanco, and modern solutions such as Apple Pay and Google Pay. EasyPay's innovative features, such as the Pay by Link service and automated recurring payments, have positioned it as a key player in the digital payments landscape in Portugal and beyond. Like any business that relies on digital infrastructure, EasyPay remains vulnerable to cyber threats.

Details of the Attack

The Sarcoma ransomware group has listed EasyPay among over 30 victims on its dark web portal. The attack highlights the group's aggressive tactics and its focus on exploiting vulnerabilities in financial institutions. While specific details of the data compromised have not been disclosed, the inclusion of EasyPay on Sarcoma's list suggests a significant breach. The attack is part of a broader campaign by Sarcoma, which has targeted various industries across different regions.

Profile of the Sarcoma Ransomware Group

Sarcoma is a relatively new player in the ransomware landscape, having emerged in October 2024. The group has quickly gained notoriety for its double extortion strategy, which involves both encrypting data and threatening to leak it publicly. Sarcoma distinguishes itself by not publicly listing ransom amounts, instead leveraging data leaks as a primary means of coercion. The group's operations span multiple regions, with a slight preference for targets in the USA, Canada, Australia, and Spain.

Potential Vulnerabilities and Penetration Tactics

While the exact method of penetration into EasyPay's systems remains unclear, common vulnerabilities in financial institutions include outdated software, insufficient network segmentation, and inadequate employee training on phishing attacks. Sarcoma likely exploited one or more of these weaknesses to gain access to EasyPay's sensitive data. The attack serves as a stark reminder of the importance of cybersecurity measures in protecting financial institutions from emerging threats.
