[MART] - Daily Diary #401 - Meet Sabbath Ransomware

CTAS-MAT ctas-mat at appgate.com
Tue Nov 30 20:42:29 UTC 2021


Hello,
I hope everyone is doing well!

Below is the entry for today.

11/30/2021 - Diary entry #401

In recent weeks, a new ransomware group, Sabbath, has been getting a lot of media attention. The gang first became known in October, when the group publicly extorted a US school district on Reddit and Twitter. This group is very aggressive in its extortion techniques, even emailing staff, parents and students of affected schools. Researchers believe Sabbath has been active since June 2021, targeting health, educational and natural resources organizations in the US and Canada.

Before deploying the ransomware attack, this group uses Cobalt Strike Beacon as a backdoor to exfiltrate data and move laterally in the network; a similar toolset was used in the SolarWinds attack.

Just like most new ransomware operations covered in our Daily Diaries, Sabbath operates under the Ransomware-as-a-Service business model. Sabbath is believed to be a rebrand of Arcane, an older threat that operated in 2020. Although it's considered a small ransomware operation, Sabbath hosts its own wall-of-shame, and the aggressive extortion techniques pose a greater danger than just encrypting files.

Kind Regards,
