Ransomware Group: SARCOMA

VICTIM NAME: CARSTAR Business Group

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SARCOMA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to CARSTAR Business Group, a company operating within the Automotive Service and Collision Repair industry. The breach was discovered on July 14, 2025, and involves the exposure of a substantial data archive estimated at 65 GB. The compromised data set contains various files that may include sensitive internal information, although specific contents are not detailed. The company, based in Ancaster, Ontario, Canada, has a workforce of between 50 and 99 employees and generates annual revenues ranging from five to ten million dollars. The leak’s publication indicates a focus on the company’s operational data and internal documents, which could potentially impact their business operations or client confidentiality.

As part of the leak, there are indications of downloadable data, although specific download links are not provided in the summary. The leak includes screenshots of internal documents, which suggest that visual evidence of sensitive internal records is present. The attack involves a cybercriminal group identified as “sarcoma,” and the incident impacts a U.S.-based region, although the company itself is headquartered in Canada. No personally identifiable information (PII) or detailed sensitive customer data is explicitly disclosed in the available summary. The incident underscores the importance of cybersecurity measures within the consumer services sector, especially in automotive repair services that handle a variety of proprietary operational information.