Ransomware Group: SARCOMA

VICTIM NAME: Sinalisa Segurança Viária Ltda

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SARCOMA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Sinalisa Segurança Viária Ltda, a Brazilian company specializing in road safety and pavement marking services. The leak was discovered on April 21, 2025, and includes a substantial data archive estimated at 43 GB, containing various files related to the company’s operations. The leak does not specify the attack date but indicates that the breach was identified on the same day it was discovered, suggesting recent activity. The company has a long-standing history dating back to 1971, and has established itself as a pioneer in the Brazilian road marking industry, focusing on safety-related services such as highway and urban road markings, cycle paths, and airport signage. The leak page hints at data exposure possibly related to operational files, but does not provide explicit sensitive details or personal data breaches.

The leak indicates the presence of a considerable amount of data, including files stored within the archive. It also suggests that the breach involves confidential operational information, which might include internal documents, project plans, or logistical data associated with the company’s services across Brazil. The leak is part of a broader effort group identified as “sarcoma,” although no additional details about this group or their motives are disclosed. The leaked information appears to be publicly accessible via the provided URL, which points to a ransomware-related site listing the leak details and evidence of the breach. There are no images or screenshots included in the leak summary, but the size and scope of the exposed data raise concerns about potential exposure of sensitive operational information.