Malware
ROLLCOAST
aka Sabbath · S4bb47h · Arcane
ROLLCOAST is a ransomware program that encrypts files on logical drives attached to a system.
ROLLCOAST is a ransomware program that encrypts files on logical drives attached to a system. ROLLCOAST is a Dynamic Linked Library (DLL) with no named exports. When observed by Mandiant it uniquely had only one ordinal export 0x01. This suggested the sample was designed to avoid detection and be invoked within memory, possibly through BEACON provided to affiliates. Incident responders working on similar intrusions should capture memory for analysis.
Family metadata imported from Malpedia (Fraunhofer FKIE).