Ransomware Group: SARCOMA

VICTIM NAME: Unimed do Brasil

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SARCOMA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On October 15, 2025, a ransomware leak page lists Unimed do Brasil as a victim of a data-exfiltration incident. The page references Unimed Pelotas, described as a comprehensive health service center located in Pelotas, Brazil, offering services such as a patient app, a doctor search guide, and online medical consultations for adults and children. The description places the organization within the healthcare sector in Brazil. The leak entry asserts that approximately 2.8 terabytes of data were exfiltrated, and that the archive contains files and SQL databases. There is no explicit compromise date beyond the post date, and the data presented does not show a ransom demand in the supplied text. The post appears to function as a data-leak notification rather than an encryption-focused ransom message.

The leak page contains no screenshots or images—metadata indicates zero images associated with the post. The described archive contents—files and SQL databases—imply that internal documents and database records may have been exposed, though the exact data types and datasets are not disclosed in the listing. No personal contact information, emails, phone numbers, or addresses are visible in the provided description, and there are no listed download links or media. The post date remains October 15, 2025, and the text does not mention any ransom amount or negotiation details.

Overall, the entry signals a substantial data-leak event affecting a Brazilian healthcare provider. A 2.8 TB archive is large and could indicate exposure of sensitive information, including potentially patient records, given the healthcare context. However, without specifics on the data types or a ransom note, a precise risk assessment cannot be made from the available details alone. The case warrants monitoring for additional information or corroboration and consideration of relevant regulatory or notification obligations if further data content is confirmed.