According to a warning from Mandiant, the group previously operated under the names of Arcane and Eruption and was observed last year deploying the ROLLCOAST ransomware.

In October 2021, the group created the public naming-and-shaming site 54BB47h (Sabbath), one month after a post was discovered where the malware group announced it was looking for partners to launch a new ransomware affiliate program, Mandiant reports.

The Sabbath group came to light last month as it publicly shamed and extorted a school district in the United States, using social media sites Reddit and Twitter. The group demanded a multi-million ransom be paid after ransomware was deployed on the district’s systems.