"Sabbath Hackers Are Targeting US Schools and Hospitals"

Security researchers are warning of the rebranding of a hacking group now known as Sabbath. The group's rebranding is an attempt to avoid examination while executing ransomware attacks against hospitals, schools, and other critical infrastructure organizations in the US and Canada. The gang became known in October 2021 when it publicly shamed and extorted a US school district on Reddit and from a now-suspended Twitter account. According to security researchers at Mandiant, the group demanded multi-million-dollar ransom payments after launching ransomware. The group was also reported to have emailed staff, parents, and students to further pressure the school district to give in to their demands for payment. The researchers said the group used public data leaks to extort and shame victims. They added that Sabbath's public shaming web portal and blog published in October 2021 are identical to Arcane's from June 2021. The new web portal and blog include the same content with minor changes to the name, color scheme, and logo. Between the rebranding from Arcane to Sabbath, there also seems to be few technical changes made to the affiliate model used to execute attacks. The infrastructure from both ransomware affiliate services is still the same. This article continues to discuss the tactics and targets of the rebranded hacking group.

ITPro reports "Sabbath Hackers Are Targeting US Schools and Hospitals"