Crimson Wine Group Hit by Abyss Ransomware: Key Details

Incident Date:

July 25, 2024

Overview

Title

Crimson Wine Group Hit by Abyss Ransomware: Key Details

Victim

Crimson Wine Group

Attacker

Abyss

Location

Napa, USA

California, USA

First Reported

July 25, 2024

Ransomware Attack on Crimson Wine Group by Abyss

Overview of Crimson Wine Group

Crimson Wine Group (CWG) is a prominent wine company based in the United States, known for its commitment to quality wine production and sustainable practices. The company manages a diverse portfolio of wineries and vineyards across key wine-producing regions, including California, Oregon, and Washington. Its holdings include notable estates such as Pine Ridge Vineyards, Seghesio Family Vineyards, Chamisal Vineyards, and Archery Summit. CWG operates approximately 1,000 acres of vineyards, emphasizing estate-based winemaking to produce wines that reflect the unique terroirs of its various locations.

Commitment to Sustainability

Sustainability is a core value at Crimson Wine Group. The company actively engages in practices aimed at preserving ecosystems and promoting biodiversity within its vineyards. CWG is committed to achieving zero waste status in its wine production processes and has implemented various initiatives to reduce its carbon footprint. They are also a member of the International Wineries for Climate Action (IWCA), aligning with their goals of minimizing the impacts of climate change.

Details of the Ransomware Attack

On July 25, 2024, Crimson Wine Group discovered that it had fallen victim to a ransomware attack orchestrated by the Abyss ransomware group. The attack resulted in a significant data breach, with approximately 1 TB of sensitive information being compromised. This incident highlights the growing threat of ransomware attacks on businesses in various sectors, including the wine industry.

About Abyss Ransomware Group

The Abyss ransomware group is a multi-extortion operation that emerged in March 2023, primarily targeting VMware ESXi environments. It is known for hosting a Tor-based leak site where it lists victims and publishes exfiltrated data if the victims fail to comply with its demands. Abyss Locker ransomware campaigns have targeted various industries, including finance, manufacturing, information technology, and healthcare, with a primary focus on the United States.

Penetration and Impact

Initial access for Abyss Locker infections varies; affiliated threat actors have been observed brute-forcing SSH on exposed servers with weak SSH configurations to gain entry. On Linux, Abyss Locker payloads are derived from the Babuk codebase and behave similarly. The ransomware has a standard command line interface and requires the threat actor to specify a target path for encryption. Encrypted files are marked with the ".crypt" extension, and every folder containing encrypted files also receives an Abyss Locker ransom note with the .README_TO_RESTORE extension.
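The two on-disk artifacts named above (".crypt" renamed files and ".README_TO_RESTORE" ransom notes) give an incident responder a cheap triage check. The following script is an added example, not code from the tracker or from any published analysis of Abyss Locker; the directory layout and the note's base name "NOTE" are constructed for the demo, and only the extensions come from the text.

```python
"""Triage scan for the on-disk artifacts attributed to Abyss Locker above:
".crypt" encrypted files and ".README_TO_RESTORE" ransom notes (names only)."""
import os
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".crypt"
NOTE_EXT = ".README_TO_RESTORE"

def scan_tree(root):
    """{dir: {"encrypted": n, "notes": m}} for each directory with a hit."""
    hits = defaultdict(lambda: {"encrypted": 0, "notes": 0})
    for dirpath, _subdirs, files in os.walk(root):
        for name in files:
            if name.endswith(ENCRYPTED_EXT):
                hits[dirpath]["encrypted"] += 1
            elif name.endswith(NOTE_EXT):
                hits[dirpath]["notes"] += 1
    return dict(hits)

def summarize(hits, root):
    """Totals, plus directories holding encrypted files but no note: the
    write-up says each affected folder gets a note, so those merit a look."""
    return {
        "dirs": len(hits),
        "encrypted": sum(h["encrypted"] for h in hits.values()),
        "notes": sum(h["notes"] for h in hits.values()),
        "encrypted_without_note": sorted(
            os.path.relpath(d, root) for d, h in hits.items()
            if h["encrypted"] and not h["notes"]),
    }

def build_sample_tree():
    """Constructed sample (not victim data): one encrypted dir with a note,
    one without, one untouched. The note's base name is a placeholder."""
    root = tempfile.mkdtemp(prefix="abyss_demo_")
    layout = {
        "finance": ["ledger.xlsx.crypt", "q2.pdf.crypt", "NOTE.README_TO_RESTORE"],
        "hr": ["payroll.csv.crypt"],
        "public": ["readme.txt", "logo.png"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()
    return root

if __name__ == "__main__":
    root = build_sample_tree()
    print(summarize(scan_tree(root), root))
```

Point `scan_tree` at a mounted image or a suspect share (read-only) to get the affected-directory map; the "encrypted_without_note" list flags folders whose state does not match the behaviour described above.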

Sources

Recent Ransomware Attacks
