Abyss Locker Ransomware Group Targets Rangam

Incident Date:

April 23, 2024

World map

Overview

Title

Abyss Locker Ransomware Group Targets Rangam

Victim

Rangam

Attacker

Abyss

Location

Somerset, USA

New Jersey, USA

First Reported

April 23, 2024

Ransomware Attack on Rangam by Abyss Group

Attack Overview

The staffing and recruiting company Rangam, known for its inclusive employment solutions, has fallen victim to a ransomware attack orchestrated by the Abyss Locker ransomware group. This cyberattack has led to the exfiltration of approximately 1.1 terabytes of sensitive data, including credentials of employees, partners, and customers.

Company Profile

Rangam, headquartered in Somerset, New Jersey, specializes in providing inclusive workforce solutions, particularly focusing on individuals with disabilities, autism spectrum conditions, and disabled veterans. Founded in 1995, the company employs 443 individuals and reported revenues of $248.3 million in 2023. Rangam is distinguished in its industry by its empathy-driven culture and its integration of advanced AI technologies into staffing solutions.

Ransomware Group Details

The Abyss Locker group, emerging in March 2023, primarily targets VMware ESXi environments and is known for its multi-extortion tactics. The group operates through a TOR-based website, listing victims and threatening to release exfiltrated data unless ransom demands are met. Their ransomware leverages the Babuk codebase for Linux environments and is notorious for deleting system backups and shadow copies to complicate recovery efforts.

Vulnerabilities and Risks

Rangam's significant digital footprint and reliance on technology for integrating AI into staffing processes may have increased its vulnerability to cyberattacks. The attack surface likely included IT services that were susceptible to infiltration, which the Abyss group exploited to execute their ransomware deployment and data theft.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.