Mandiant Releases Information About UNC2190 Ransomware Group
Issue
07 December 2021
Editor
Dan McCarthy
Editor in Chief
Amery Smock
Date
12/2/2021
Analysis
Mandiant released details about the UNC2190 ransomware group, also called Sabbath, Arcane, or Eruption. UNC2190 has been targeting critical infrastructure in both the US and Canada. Targeted sectors include health, education, and natural resources. This threat actor uses a complex extortion model in which ransomware deployments are limited, but large amounts of data are stolen and the group actively tries to destroy backups [1].
We recommend that critical infrastructure sectors continuously back up their data and exercise incident response plans. For more information on contingency planning, refer to NIST SP 800-34 [2].
Sources
[1] Information on the Sabbath Ransomware Affiliate Program https://www.mandiant.com/resources/sabbath-ransomware-affiliate
[2] NIST SP 800-34 (Contingency Planning) https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-34r1.pdf