Abyss Ransomware Strikes Tolsa Minerals in Major Cyber Attack

Incident Date:

September 26, 2024

Overview

Title

Abyss Ransomware Strikes Tolsa Minerals in Major Cyber Attack

Victim

TOLSA Minerals

Attacker

Abyss

Location

Madrid, Spain

, Spain

First Reported

September 26, 2024

Abyss Ransomware Group Targets Tolsa Minerals in Major Data Breach

Tolsa S.A., a leading Spanish company in the minerals and mining sector, has fallen victim to a significant ransomware attack orchestrated by the Abyss ransomware group. The attack has resulted in the exfiltration of 5.1 terabytes of uncompressed data, with the company's website currently offline. The ransom deadline set by the attackers is October 3, 2024.

About Tolsa S.A.

Founded in 1957, Tolsa S.A. is a prominent player in the global minerals market, specializing in the extraction, treatment, and commercialization of clay-based additives. With a presence in over 95 countries and generating approximately $439.5 million in revenue, Tolsa is recognized for its commitment to innovation and sustainability. The company employs around 700 professionals and is headquartered in Madrid, Spain. Tolsa's products are integral to various industries, including paints, coatings, construction, and civil engineering, where they enhance product durability and application properties.

Attack Overview

The Abyss ransomware group, known for its multi-extortion tactics, has claimed responsibility for the attack on Tolsa. The group has a history of targeting VMware ESXi environments and has been active since March 2023. The attack on Tolsa is part of a broader campaign by Abyss, which has previously targeted industries such as finance, manufacturing, and healthcare. The group's operations are characterized by their use of a TOR-based website to list victims and exfiltrated data.

Vulnerabilities and Penetration

Tolsa's global operations and reliance on digital infrastructure may have made it susceptible to cyber threats. The Abyss group is known for exploiting weak SSH configurations through brute-force attacks, which may have served as the entry point into Tolsa's systems. The ransomware's payloads, derived from the Babuk codebase, are designed to encrypt files and demand a ransom for their release. The attack underscores the importance of effective cybersecurity measures, particularly for companies with extensive digital operations.
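As an added defender-side example (not from the tracker page or from any analysis of Abyss), the following Python flags the SSH password brute-force pattern described above: it counts failed logins per source address in a sliding window and calls out a later successful login from an address already flagged. The hostnames, addresses and log lines are constructed samples; the threshold and window are assumed tuning values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd log lines in syslog format (sample data, not from the incident).
SAMPLE_LOG = """\
Sep 26 02:14:01 esxi01 sshd[4121]: Failed password for root from 203.0.113.7 port 51022 ssh2
Sep 26 02:14:03 esxi01 sshd[4121]: Failed password for root from 203.0.113.7 port 51023 ssh2
Sep 26 02:14:04 esxi01 sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 51024 ssh2
Sep 26 02:14:06 esxi01 sshd[4121]: Failed password for root from 203.0.113.7 port 51025 ssh2
Sep 26 02:14:07 esxi01 sshd[4121]: Failed password for root from 203.0.113.7 port 51026 ssh2
Sep 26 02:14:09 esxi01 sshd[4121]: Failed password for root from 203.0.113.7 port 51027 ssh2
Sep 26 02:14:40 esxi01 sshd[4133]: Accepted password for root from 203.0.113.7 port 51030 ssh2
Sep 26 02:20:00 esxi01 sshd[4150]: Failed password for backup from 198.51.100.9 port 40000 ssh2
Sep 26 02:45:00 esxi01 sshd[4160]: Failed password for backup from 198.51.100.9 port 40001 ssh2
"""

# Matches both "Failed" and "Accepted" password events, with or without "invalid user".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)

THRESHOLD = 5   # assumed: failures per source address that trigger an alert
WINDOW = 60     # assumed: sliding window length in seconds

def parse_ts(ts, year=2024):
    """Syslog timestamps carry no year; supply one so deltas can be computed."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def detect_bruteforce(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return {ip: [alert, ...]} for sources exceeding the failure threshold."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    flagged = set()
    alerts = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts = m["ip"], parse_ts(m["ts"])
        if m["result"] == "Failed":
            q = recent[ip]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window:   # drop stale failures
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts[ip].append(f"{len(q)} failed logins within {window}s")
        elif ip in flagged:   # success right after a burst: likely a guessed password
            alerts[ip].append(f"successful login as {m['user']} after brute-force burst")
    return dict(alerts)
```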

About the Abyss Ransomware Group

The Abyss ransomware group distinguishes itself through its focus on VMware ESXi environments and its multi-extortion approach. The group has rapidly evolved into a significant threat, targeting both Windows and Linux systems. Their operations are marked by a sophisticated command line interface and the use of the ".crypt" extension for encrypted files. The group's ability to adapt and target diverse industries highlights the growing complexity of ransomware threats in the digital age.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.