Ransomware Group: SARCOMA

VICTIM NAME: JELGAVAS TIPOGRAFIJA

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SARCOMA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to JELGAVAS TIPOGRAFIJA, a prominent printing company based in Latvia. The breach was discovered and publicly disclosed on June 11, 2025. This company specializes in producing high-quality books, offering a wide range of printing and binding services across Europe, including Latvia, France, Germany, and Nordic countries. The leaked data comprises approximately 361 GB of archived files, suggesting a significant compromise of sensitive operational information. Although specific details about the nature of the data or the attack vector are not provided, the leak size indicates extensive data exfiltration. The incident highlights potential risks to business operations and client confidentiality in the printing industry. The affected company has a notable turnover, reflecting its established market presence and operational scale. The leak’s publication may include confidential files, project details, or internal documents, posing a threat to the company’s competitive position and customer trust. No direct mention of PII or employee data is evident from the available information, but organizations should review their security protocols following such incidents.

The leak site omits specific screenshots or images, but it indicates the release of a substantial archive containing internal documents. The incident underscores the importance of cybersecurity measures, especially for companies handling extensive client projects and sensitive operational data. The breach’s discovery date and the leak publication date are virtually simultaneous, suggesting the attack was identified quickly after exfiltration. The incident occurrence emphasizes the ongoing threat landscape faced by manufacturing and service providers, especially those operating across multiple countries with diverse regulatory environments. Businesses in similar sectors should evaluate their security posture and consider proactive defenses against ransomware threats, including regular backups, threat monitoring, and staff training to mitigate the impact of future attacks.