Mandiant Releases Information About UNC2190 Ransomware Group

#Infrastructure #Ransomware

  • Issue

    07 December 2021

  • Editor

    Dan McCarthy

  • Editor in Chief

    Amery Smock

  • Date

    12/2/2021

  • Analysis

    Mandiant released details about the UNC2190 ransomware group, also called Sabbath, Arcane, or Eruption. UNC2190 has been targeting critical infrastructure in both the US and Canada. Targeted sectors include health, education, and natural resources. This threat actor uses a complex extortion model in which ransomware deployments are limited, but large amounts of data are stolen while the actor actively tries to destroy backups [1].
    We recommend that critical infrastructure sectors continuously back up their data and exercise incident response plans. For more information on contingency planning, refer to NIST SP 800-34 [2].

  • Sources

    [1] Information on the Sabbath Ransomware Affiliate Program https://www.mandiant.com/resources/sabbath-ransomware-affiliate
    [2] NIST SP 800-34 (Contingency Planning) https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-34r1.pdf

  • Analyst

    Jack Hall
