Abyss Ransomware Group Targets Malca-Amit, Threatens Data Leak

Incident Date:

June 18, 2024

Overview

Victim

Malca-Amit

Attacker

Abyss

Location

Ferno, Italy

First Reported

June 18, 2024

Ransomware Attack on Malca-Amit by Abyss Group

Company Profile: Malca-Amit

Malca-Amit Global Limited, established in 1963 and headquartered in Hong Kong, is a pivotal player in the global logistics sector, specializing in the secure transportation and storage of high-value assets such as precious metals, diamonds, and fine art. With an annual revenue of $104.4 million and a workforce of approximately 256 employees, the company excels in providing innovative security solutions and exceptional customer service. Malca-Amit operates highly secured facilities worldwide, offering services that include secure door-to-door delivery and specialized insurance coverage, making it a trusted partner for luxury goods industries and high-net-worth individuals.

Details of the Ransomware Attack

The Abyss Ransomware group, known for its aggressive multi-extortion tactics, has recently targeted Malca-Amit, claiming to have exfiltrated 30 GB of sensitive organizational data. The group has threatened to release the decryption key publicly on June 19, 2024, potentially leading to significant breaches of client confidentiality and financial losses for the company.

About Abyss Ransomware Group

Abyss, which emerged in March 2023, primarily targets VMware ESXi environments and is notorious for its Tor-based operations, where it lists victims and stolen data. The group's modus operandi includes exploiting weak SSH configurations and leveraging the Babuk codebase for Linux systems. Its recent activities have shown a rapid expansion across various sectors, marking it as a formidable threat in the cybersecurity landscape.

Potential Vulnerabilities and Entry Points

Given Malca-Amit's extensive use of advanced technological solutions for asset tracking and security, it is plausible that Abyss exploited vulnerabilities in these systems, particularly through SSH brute force attacks. The high-value nature of Malca-Amit's shipments and the data sensitivity of its operations likely made it an attractive target for Abyss, which aims to leverage stolen data for ransom.
