07 December 2021
Editor in Chief
Mandiant released details about the UNC2190 ransomware group, also called Sabbath, Arcane, or Eruption. UNC2190 has been targeting critical infrastructure in both the US and Canada. Targeted sectors include health, education, and natural resources. This threat actor uses a complex extortion model where ransomware deployments are limited, but data is stolen in large amounts as they actively try to destroy backups .
We recommend that critical infrastructure sectors continuously backup their data and exercise incident response plans. For more information on contingency planning, refer to NIST SP 800-34 .
 Information on the Sabbath Ransomware Affiliate Program https://www.mandiant.com/resources/sabbath-ransomware-affiliate
 NIST SP 800-34 (Contingency Planning) https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-34r1.pdf