Ransomware Group: SARCOMA

VICTIM NAME: FAKO-M Getränke

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SARCOMA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to FAKO-M Getränke, a company based in North Rhine-Westphalia, Germany, specializing in the supply of beverages, wine, spirits, coffee, and hygiene products. The breach was discovered on April 20, 2025, and involves a substantial data archive estimated to be 446 GB in size. The leaked data includes various files and SQL databases, potentially exposing sensitive operational information. The company provides services to the hospitality and retail sectors, including vending machine operations, event equipment, and financial services. Despite the significant data leak, no specific details about compromised internal information or personal data are publicly disclosed. The leak poses serious cybersecurity concerns, highlighting the importance of robust data protection measures for organizations handling large and sensitive datasets.

The leak page features no visuals or screenshots but indicates a substantial breach with a large volume of information available for download. The incident underscores the ongoing threat posed by ransomware groups targeting industries with extensive supply networks. Organizations similar to FAKO-M Getränke are advised to review their cybersecurity protocols and ensure their systems are safeguarded against such attacks. The leak’s online presence indicates ongoing criminal activity, with the threat actor group associated with this breach categorized under ‘sarcoma’. While the breach’s full impact remains to be assessed, this event emphasizes the critical need for cybersecurity vigilance to prevent future disruptions and protect company assets.