Sabs Ransomware
The SABS Ransomware is a poisonous threat that appears to be targeting corporate entities predominantly. By utilizing a strong encryption algorithm, the threat goes after a large number of different file types, including documents, databases, photos, images, archives and more. The attackers also claim to collect sensitive data from the infected computers, essentially performing a double-extortion scheme.
While the threat is active on the system, it will scan the stored files, encrypt them, and append '.SABS' to their original names. As one of its end-stage actions, the SABS Ransomware will deliver a note with instructions from its operators. This ransom note will be contained inside a text file named 'RESTORE_FILE_INFO.txt.'
Ransom Note's Overview
According to the note, the hackers have managed to obtain various contracts, financial information, databases and more from the compromised machines. The cybercriminals threaten to start leaking sensitive information on their Twitter account. To avoid this outcome, victims have to contact the hackers and come to an agreement within 3 days of the SABS Ransomware infection. The note provides only one way to reach the attackers - via qTOX.
The full set of instructions left by SABS Ransomware is:
'------------------
| What happened? |
------------------
Your network was ATTACKED, your computers and servers were LOCKED,
Your private data was DOWNLOADED:
- Contracts
- Customers data
- Finance
- HR
- Databases
- And more other...
----------------------
| What does it mean? |
----------------------
It means that soon mass media, your partners and clients WILL KNOW about your PROBLEM.
--------------------------
| How it can be avoided? |
--------------------------
In order to avoid this issue,
you are to COME IN TOUCH WITH US no later than within 3 DAYS and conclude the data recovery and breach fixing AGREEMENT.
-------------------------------------------
| What if I do not contact you in 3 days? |
-------------------------------------------
If you do not contact us in the next 3 DAYS we will begin DATA publication.
We will post information about hacking of your company on our twitter hxxps://twitter.com/RobinHoodLeaks or hxxps://www.gettr.com/user/robinhoodleaks
ALL CLINTS WILL LEARN ABOUT YOUR HACKING AND LEAKAGE OF DATA!!! YOUR COMPANY'S REPUTATION WILL BE HURTLY DAMAGED!
-----------------------------
| I can handle it by myself |
-----------------------------
It is your RIGHT, but in this case all your data will be published for public USAGE.
-------------------------------
| I do not fear your threats! |
-------------------------------
That is not the threat, but the algorithm of our actions.
If you have hundreds of millions of UNWANTED dollars, there is nothing to FEAR for you.
That is the EXACT AMOUNT of money you will spend for recovery and payouts because of PUBLICATION.
You are exposing yourself to huge penalties with lawsuits and government if we both don't find an agreement.
We have seen it before cases with multi million costs in fines and lawsuits,
not to mention the company reputation and losing clients trust and the medias calling non-stop for answers.
--------------------------
| You have convinced me! |
--------------------------
Then you need to CONTACT US, there is few ways to DO that.
---Secure method---
a) Download a qTOX client: hxxps://tox.chat/download.html
b) Install the qTOX client and register account
c) Add our qTOX ID: 671263E7BC06103C77146A5ABB802A63F5 3A42B4C4766329A5F04D2660C99A3611635CC36B3A
d) Write us extension of your encrypted files .SABS
Our LIVE SUPPORT is ready to ASSIST YOU on this chat.
----------------------------------------
| What will I get in case of agreement |
----------------------------------------
You WILL GET full DECRYPTION of your machines in the network, DELETION your data from our servers,
RECOMMENDATIONS for securing your network perimeter.
And the FULL CONFIDENTIALITY ABOUT INCIDENT.
-------------------------------------------------'
