Ransomware Group: SARCOMA

VICTIM NAME: MSB

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SARCOMA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

MSB is identified as the victim in this leak. The leak page describes MSB as a United States–based contractor offering disaster recovery services to residential and commercial clients, emphasizing timely recovery after emergencies. The page frames the incident as a data-leak event rather than an encryption-focused attack and states that attackers claim to have exfiltrated data from MSB’s network. An archive described as approximately 66 GB is said to contain files and SQL databases. The post date associated with the leak is September 29, 2025, at 06:47:09.343745, and the page designates the United States as the victim’s country. The material does not present any ransom amount or explicit demand within the leak content.

The leak page reports that there are no screenshots or images accompanying the disclosure. The primary artifact described is a 66 GB data archive containing files and SQL data, with no further detail on the specific contents. The description presents the material in neutral terms, with personal data redacted and without direct URLs shown in the summary. Based on the available information, there is no explicit encryption claim or ransom figure mentioned on the page.

In summary, the leak centers on MSB, a United States–based contractor in the disaster recovery field, and characterizes the event as a data-leak involving a 66 GB archive of files and SQL data. The post date on the page serves as the publication date for the leak, and no ransom demands or encryption claims are disclosed in the available material. There are no media attachments such as screenshots accompanying the post.