GreenLight BioSciences Falls Victim to Abyss Ransomware Attack

Company Overview

GreenLight BioSciences, headquartered in Medford, Massachusetts, is a biotechnology company specializing in RNA technology. Founded in 2008, the company focuses on developing innovative solutions for public health and agricultural challenges. With approximately 287 employees and an annual revenue of around $33 million, GreenLight BioSciences is known for its proprietary platform that enables the production of high-quality RNA at a competitive cost. This technology is pivotal in creating mRNA-based vaccines and sustainable agricultural products.

Attack Overview

On July 16, 2024, GreenLight BioSciences experienced a significant ransomware attack orchestrated by the Abyss ransomware group. The attack led to the compromise of 726GB of sensitive information, underscoring the increasing threat of cyberattacks on the biotechnology sector. The breach highlights the critical need for robust cybersecurity measures to protect valuable intellectual property and sensitive data.

Details of the Ransomware Group

The Abyss ransomware group, a multi-extortion operation that emerged in March 2023, primarily targets VMware ESXi environments. Known for their TOR-based website where they list victims and exfiltrated data, Abyss has targeted various industries, including finance, manufacturing, IT, and healthcare. Their operations are believed to have started many months before their public emergence, with previous variations observed as far back as 2019.

Penetration and Distinguishing Features

Abyss Locker ransomware campaigns often begin with weak SSH configurations, using SSH brute force attacks to gain initial access to exposed servers. For Linux systems, Abyss Locker payloads are derived from the Babuk codebase, functioning similarly. The ransomware uses a standard command line interface, requiring the threat actor to define a targeted path for encryption. Encrypted files are marked with the ".crypt" extension, and ransom notes are left in folders containing encrypted files.

Vulnerabilities and Impact

GreenLight BioSciences' focus on cutting-edge RNA technology and its significant intellectual property make it an attractive target for ransomware groups like Abyss. The attack on GreenLight BioSciences not only compromised a substantial amount of sensitive data but also highlighted potential vulnerabilities in the company's cybersecurity infrastructure. The incident serves as a stark reminder of the importance of implementing comprehensive cybersecurity measures to safeguard against sophisticated cyber threats.

Sources

• GreenLight BioSciences
• SentinelOne: Abyss Locker
• Bloomberg: GreenLight BioSciences
• PCRisk: Abyss Ransomware
• Dark Reading: Abyss Locker Ransomware