Written by Tonya Riley
Nov 29, 2021 | CYBERSCOOP
An under-the-radar ransomware group that’s been attacking schools, hospitals and other critical infrastructure has tried to cover its tracks by rebranding, according to findings from researchers at Mandiant.
Sabbath, a rebrand of the ransomware group Arcane, “is unfortunately not slowing down” in its attacks, Tyler McLellan, principal analyst at Mandiant, said in a statement. “They picked up their pace right into November 2021, when its public shaming portal mysteriously went offline.”
Researchers first caught onto Sabbath in October, when it held the data of a Texas school district for school for ransom. Interestingly, the group turned to social media platform Reddit to make its ransom demand. Ransomware gangs often host their own websites where they shame victims and threaten to leak data.
Sabbath eventually launched its own victim site, which researchers found nearly identical to that of a formerly active group that went by the name Arcane. The two groups also shared infrastructure, according to a Mandiant blog post Monday.
In mid-November alone, the group added six victims to its public extortion website in the span of two days. It has been able to largely fly under the radar thanks