GreenLight BioSciences Hit by Abyss Ransomware: 726GB of Sensitive Data Compromised

Incident Date: July 15, 2024

Overview

Victim: GreenLight BioSciences
Attacker: Abyss
Location: Medford, USA; Massachusetts, USA
First Reported: July 15, 2024

GreenLight BioSciences Falls Victim to Abyss Ransomware Attack

Company Overview

GreenLight BioSciences, headquartered in Medford, Massachusetts, is a biotechnology company specializing in RNA technology. Founded in 2008, the company focuses on developing innovative solutions for public health and agricultural challenges. With approximately 287 employees and an annual revenue of around $33 million, GreenLight BioSciences is known for its proprietary platform that enables the production of high-quality RNA at a competitive cost. This technology is pivotal in creating mRNA-based vaccines and sustainable agricultural products.

Attack Overview

On July 16, 2024, GreenLight BioSciences experienced a significant ransomware attack orchestrated by the Abyss ransomware group. The attack led to the compromise of 726GB of sensitive information, underscoring the increasing threat of cyberattacks on the biotechnology sector. The breach highlights the critical need for robust cybersecurity measures to protect valuable intellectual property and sensitive data.

Details of the Ransomware Group

The Abyss ransomware group, a multi-extortion operation that emerged in March 2023, primarily targets VMware ESXi environments. Known for its Tor-based website, where it lists victims and exfiltrated data, Abyss has targeted various industries, including finance, manufacturing, IT, and healthcare. Its operations are believed to have started many months before its public emergence, with previous variations observed as far back as 2019.

Penetration and Distinguishing Features

Abyss Locker ransomware campaigns often begin with weak SSH configurations, using SSH brute force attacks to gain initial access to exposed servers. For Linux systems, Abyss Locker payloads are derived from the Babuk codebase, functioning similarly. The ransomware uses a standard command line interface, requiring the threat actor to define a targeted path for encryption. Encrypted files are marked with the ".crypt" extension, and ransom notes are left in folders containing encrypted files.
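
A defender-side check for the initial access pattern described above, as an added example that is not part of the original report: it scans sshd auth log lines for a password login accepted from an address that had just produced a run of failed attempts. The log lines, host name, addresses and the threshold of 5 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (documentation IP ranges, not incident data).
SAMPLE_LOG = """\
Jul 14 02:11:01 srv01 sshd[4101]: Failed password for root from 203.0.113.7 port 40101 ssh2
Jul 14 02:11:03 srv01 sshd[4102]: Failed password for invalid user admin from 203.0.113.7 port 40102 ssh2
Jul 14 02:11:05 srv01 sshd[4103]: Failed password for root from 203.0.113.7 port 40103 ssh2
Jul 14 02:11:07 srv01 sshd[4104]: Failed password for root from 203.0.113.7 port 40104 ssh2
Jul 14 02:11:09 srv01 sshd[4105]: Failed password for invalid user test from 203.0.113.7 port 40105 ssh2
Jul 14 02:11:11 srv01 sshd[4106]: Failed password for root from 203.0.113.7 port 40106 ssh2
Jul 14 02:11:13 srv01 sshd[4107]: Accepted password for root from 203.0.113.7 port 40107 ssh2
Jul 14 08:30:02 srv01 sshd[5201]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Jul 14 08:30:09 srv01 sshd[5202]: Accepted password for alice from 198.51.100.20 port 51001 ssh2
Jul 14 09:00:00 srv01 sshd[5300]: Accepted publickey for deploy from 192.0.2.50 port 52000 ssh2
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port")


def find_bruteforce_logins(log_text, threshold=5):
    """Return (ip, user, prior_failures) for every password login accepted
    from an address with at least `threshold` failed attempts before it."""
    failures = defaultdict(int)  # source IP -> failures since its last success
    hits = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            method, user, ip = m.groups()
            # Key-based logins are not the product of password guessing.
            if method == "password" and failures[ip] >= threshold:
                hits.append((ip, user, failures[ip]))
            failures[ip] = 0  # a success ends the current run for this IP
    return hits


if __name__ == "__main__":
    for ip, user, count in find_bruteforce_logins(SAMPLE_LOG):
        print(f"ALERT: {user}@{ip} logged in by password after {count} failures")
```

A hit from this check on an internet-exposed host is a reason to rotate the account's credentials and review whether password authentication needs to be enabled at all.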

Vulnerabilities and Impact

GreenLight BioSciences' focus on cutting-edge RNA technology and its significant intellectual property make it an attractive target for ransomware groups like Abyss. The attack on GreenLight BioSciences not only compromised a substantial amount of sensitive data but also highlighted potential vulnerabilities in the company's cybersecurity infrastructure. The incident serves as a stark reminder of the importance of implementing comprehensive cybersecurity measures to safeguard against sophisticated cyber threats.
