Abyss Ransomware Hits Canadian Truck Equipment Supplier

Incident Date: August 28, 2024

Overview

Victim: Commercial Truck Equipment

Attacker: Abyss

Location: Mississauga, Canada

First Reported: August 28, 2024

Abyss Ransomware Group Targets Commercial Truck Equipment Co.

Commercial Truck Equipment Co., a leading Canadian supplier of vocational vehicles and work truck equipment, has fallen victim to a ransomware attack orchestrated by the Abyss ransomware group. The attackers claim to have exfiltrated 1 TB of uncompressed data and have threatened to release the password to access this data on September 4, 2024, if their demands are not met.

Company Overview

Commercial Truck Equipment Co. is a prominent player in the transportation sector, specializing in providing a wide range of truck equipment solutions. With over 75 years of experience, the company operates from ten main branches across Canada, employing more than 350 staff members and utilizing over 250,000 square feet of combined service and production space. Their extensive product line includes crane trucks, tow and recovery vehicles, refuse collection vehicles, dump and gravel trucks, snow and ice management trucks, landscape bodies, trailers, and truck hydraulic systems. The company is known for its commitment to quality and customer service, offering tailored solutions to meet the specific needs of its clients.

Attack Overview

The Abyss ransomware group has claimed responsibility for the attack on Commercial Truck Equipment Co. via their dark web leak site. The group alleges that they have exfiltrated 1 TB of uncompressed data from the company. If their demands are not met, they have threatened to publish the password to access this data on September 4, 2024. This attack highlights the vulnerabilities that even well-established companies can face in the realm of cybersecurity.

About Abyss Ransomware Group

The Abyss ransomware group is a multi-extortion operation that emerged in March 2023, primarily targeting VMware ESXi environments. They are known for hosting a TOR-based website where they list victims along with exfiltrated data if the victims fail to comply with their demands. The group's operations are believed to have started many months prior to the posting of their TOR-based blog, with previous variations of Abyss, including a Windows variant, observed as far back as 2019. Abyss Locker ransomware campaigns have targeted various industries, including finance, manufacturing, information technology, and healthcare, with a primary focus on the United States.

Penetration and Impact

Initial access for Abyss Locker infections can vary; affiliated threat actors have been observed brute-forcing weak SSH configurations to gain entry to exposed servers. For Linux, Abyss Locker payloads are derived from the Babuk codebase and function similarly. The ransomware has a standard command line interface that requires the threat actor to define a target path for encryption. Encrypted files are marked with the ".crypt" extension, and any folder containing encrypted files will also contain Abyss Locker ransom notes with the .README_TO_RESTORE extension.
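
One way to check sshd logs for the SSH brute-force entry path described above, as an added example (not code from this report or from any tool it references): it counts failed password attempts per source address and flags a successful login that follows a burst. The log lines, host name, addresses and the threshold of 5 are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sshd syslog lines (OpenSSH format); host and IPs are made up
# (documentation ranges) and are not taken from the incident described above.
SAMPLE_LOG = """\
Aug 27 02:14:01 gw1 sshd[4101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Aug 27 02:14:03 gw1 sshd[4102]: Failed password for root from 203.0.113.7 port 40130 ssh2
Aug 27 02:14:05 gw1 sshd[4103]: Failed password for invalid user admin from 203.0.113.7 port 40141 ssh2
Aug 27 02:14:07 gw1 sshd[4104]: Failed password for invalid user test from 203.0.113.7 port 40155 ssh2
Aug 27 02:14:09 gw1 sshd[4105]: Failed password for root from 203.0.113.7 port 40160 ssh2
Aug 27 02:14:12 gw1 sshd[4106]: Accepted password for root from 203.0.113.7 port 40171 ssh2
Aug 27 08:30:44 gw1 sshd[5210]: Failed password for ops from 198.51.100.20 port 51514 ssh2
Aug 27 08:30:52 gw1 sshd[5211]: Accepted password for ops from 198.51.100.20 port 51520 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def triage_ssh_log(text, threshold=5):
    """Report sources with at least `threshold` failed password attempts.

    Returns {ip: {"failures", "users", "success_after_burst"}}; a non-empty
    "success_after_burst" means a login succeeded after the burst of failures.
    """
    failures = defaultdict(int)
    users = defaultdict(set)
    hits = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a password-auth result line
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
            users[ip].add(user)
        elif failures[ip] >= threshold:
            hits[ip].append(user)  # accepted login after repeated failures
    return {
        ip: {"failures": n, "users": sorted(users[ip]),
             "success_after_burst": hits[ip]}
        for ip, n in failures.items() if n >= threshold
    }

if __name__ == "__main__":
    for ip, info in triage_ssh_log(SAMPLE_LOG).items():
        print(ip, info)
```

A source that appears with a non-empty `success_after_burst` list is the case to escalate first, since it indicates a guessed credential rather than only failed attempts.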
