Micon Office National, a Wollongong-based Australian office furniture supplier, has confirmed it was the latest victim of the Sarcoma ransomware gang. The group claimed responsibility for the attack, asserting that it had exfiltrated 34 gigabytes of data from the company. The stolen data reportedly includes a mix of invoices, SQL databases, and emails from an Exchange server. The gang has threatened to release the data within 11 days unless its demands are met, although the ransom amount has not been disclosed. The gang posted proof of the breach, sharing a pair of invoices and a medical letter belonging to a company employee on its darknet leak site.
The attack is believed to have occurred on November 3, 2024, and Micon Office National confirmed the breach after becoming aware of the incident on November 4. The company promptly informed its security software provider and law enforcement agencies about the situation. In response to the attack, Micon Office National has reassured its clients that no client data was affected, as client files are managed by an external Sydney-based software company. The company is continuing its investigation and has already informed its staff about the breach.
Sarcoma is a relatively new but active ransomware group, first observed in October 2024. Since then, it has targeted several organizations, primarily in the ANZ region, including The Plastic Bag Company, Perfection Fresh, and New Zealand-based Advanced Accounting. The gang has been associated with a double-extortion attack strategy, where they combine ransomware encryption with data exfiltration to pressure victims into paying a ransom. This tactic, which has proven effective in increasing ransom payments, has made Sarcoma one of the most active ransomware operators globally, with around 40 victims reported worldwide.
Matt Green, principal threat analyst at Rapid7, highlighted that Sarcoma’s activities have earned it a place among the top 10 most active ransomware groups for the month. The gang appears to target low-profile organizations, such as Micon Office National, which describes itself as “big enough to deliver but small enough to care.” Cybersecurity experts, including Rapid7, have urged organizations to review their security measures, particularly focusing on supplier access and third-party services, to defend against ransomware and prevent similar incidents in the future.
