Idaho Pacific Holdings Hit by Abyss Ransomware, 3.5 TB Data at Risk

Incident Date:

August 23, 2024


Overview

Title

Idaho Pacific Holdings Hit by Abyss Ransomware, 3.5 TB Data at Risk

Victim

Idaho Pacific Holdings

Attacker

Abyss

Location

Rigby, Idaho, USA

First Reported

August 23, 2024

Idaho Pacific Holdings Targeted by Abyss Ransomware Group

Idaho Pacific Holdings, a leading manufacturer of dehydrated potato products, has fallen victim to a ransomware attack orchestrated by the Abyss ransomware group. The attackers claim to have exfiltrated 3.5 TB of uncompressed data from the company and have threatened to release the password to access this data on August 30, putting the company's sensitive information at significant risk.

Company Overview

Founded in 1987 and headquartered in Ririe, Idaho, Idaho Pacific Holdings is a prominent player in the food production industry, specializing in dehydrated potato products. The company operates multiple production facilities across Idaho, Colorado, and Prince Edward Island, Canada. With an annual revenue of $84.4 million and approximately 67 employees, Idaho Pacific serves a global customer base, providing key ingredients for various food applications, including snacks, mashed potatoes, and bakery products.

Idaho Pacific is known for its commitment to quality and innovation, sourcing high-quality Russet potatoes from the nutrient-rich Idaho Snake River plain. The company has invested significantly in modernizing its facilities and processes to enhance production efficiency and product quality. Their research and development team focuses on developing customized product specifications to meet the diverse needs of their customers.

Attack Overview

The Abyss ransomware group, a multi-extortion operation that emerged in March 2023, has claimed responsibility for the attack on Idaho Pacific Holdings. The group is known for targeting VMware ESXi environments and runs a Tor-based leak site where it lists victims and publishes their exfiltrated data if they do not pay. The attackers have threatened to publish the password for the stolen data on August 30, escalating the risk for Idaho Pacific Holdings.

Ransomware Group Profile

Abyss Locker ransomware campaigns have targeted various industries, including finance, manufacturing, information technology, and healthcare, with a primary focus on the United States. The group uses several initial-access methods, including brute-forcing SSH logins on hosts with weak SSH configurations. The Linux payloads are derived from the Babuk codebase and behave much like it: encrypted files are given the ".crypt" extension, and a ransom note is dropped in every folder that contains encrypted files.
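Two checks a responder would run against the tradecraft described above are (1) a sweep of sshd authentication logs for a failed-login burst from one source followed by a successful password login, and (2) a filesystem walk for the ".crypt" extension with the accompanying note. The script below is an added example, not code from the original page or from any tracker or vendor; the log lines, hostnames, IP addresses and the directory layout are constructed, and the "README.txt" note name is a placeholder because the page does not name the note file.

```python
import os
import re
import tempfile
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines in syslog format (sample data, not logs from the incident).
SAMPLE_AUTH_LOG = """\
Aug 20 02:14:01 esxi01 sshd[2231]: Failed password for root from 203.0.113.7 port 51022 ssh2
Aug 20 02:14:03 esxi01 sshd[2233]: Failed password for root from 203.0.113.7 port 51024 ssh2
Aug 20 02:14:05 esxi01 sshd[2235]: Failed password for invalid user admin from 203.0.113.7 port 51026 ssh2
Aug 20 02:14:07 esxi01 sshd[2237]: Failed password for root from 203.0.113.7 port 51028 ssh2
Aug 20 02:14:09 esxi01 sshd[2239]: Failed password for root from 203.0.113.7 port 51030 ssh2
Aug 20 02:14:12 esxi01 sshd[2241]: Accepted password for root from 203.0.113.7 port 51032 ssh2
Aug 20 02:30:44 esxi01 sshd[2301]: Accepted publickey for backup from 10.0.5.12 port 44100 ssh2
Aug 20 03:01:10 esxi01 sshd[2350]: Failed password for root from 198.51.100.9 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]:\s+"
    r"(?P<result>Failed|Accepted)\s+(?P<method>password|publickey)\s+for\s+"
    r"(?:invalid user\s+)?(?P<user>\S+)\s+from\s+(?P<ip>[\d.]+)"
)


def parse_sshd_line(line, year=2024):
    """Parse one sshd auth line; syslog lines carry no year, so it is supplied (assumption)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def detect_ssh_bruteforce(log_text, threshold=5, window=timedelta(minutes=10), year=2024):
    """Flag source IPs with >= threshold failures inside `window`; note any later password login."""
    events = [e for e in (parse_sshd_line(l, year) for l in log_text.splitlines()) if e]
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["result"] == "Failed"]
        burst_start = None
        for i, first in enumerate(failures):
            # Sliding window: failures from index i whose timestamp is within `window` of the first.
            in_window = [f for f in failures[i:] if f["ts"] - first["ts"] <= window]
            if len(in_window) >= threshold:
                burst_start = first["ts"]
                break
        if burst_start is None:
            continue
        # A password login from the same source after the burst is the strongest signal.
        success = [e for e in evs if e["result"] == "Accepted"
                   and e["method"] == "password" and e["ts"] >= burst_start]
        alerts[ip] = {
            "failed_attempts": len(failures),
            "usernames_tried": sorted({f["user"] for f in failures}),
            "password_login_after_burst": bool(success),
        }
    return alerts


def find_crypt_artifacts(root):
    """Walk `root`; return ({dir: count of .crypt files}, [candidate note paths]).
    A candidate note is any .txt file in a directory that holds .crypt files (heuristic)."""
    crypt_dirs, notes = {}, []
    for dirpath, _, files in os.walk(root):
        crypt = [f for f in files if f.lower().endswith(".crypt")]
        if not crypt:
            continue
        rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
        crypt_dirs[rel] = len(crypt)
        notes.extend(f"{rel}/{f}" for f in files if f.lower().endswith(".txt"))
    return crypt_dirs, sorted(notes)


def build_sample_tree():
    """Create a throwaway tree imitating a partially encrypted datastore (constructed sample)."""
    root = tempfile.mkdtemp(prefix="abyss-sample-")
    layout = {
        "vmfs/vm1": ["vm1.vmdk.crypt", "vm1.vmx.crypt", "README.txt"],  # encrypted VM plus note
        "vmfs/vm2": ["vm2.vmdk", "vm2.vmx"],                            # untouched VM
        "home/backup": ["notes.txt"],                                   # ordinary .txt, no .crypt
    }
    for rel, names in layout.items():
        d = os.path.join(root, rel)
        os.makedirs(d)
        for n in names:
            with open(os.path.join(d, n), "w") as fh:
                fh.write("sample\n")
    return root


if __name__ == "__main__":
    print(detect_ssh_bruteforce(SAMPLE_AUTH_LOG))
    print(find_crypt_artifacts(build_sample_tree()))
```

The threshold and window are tuning knobs: five failures in ten minutes is deliberately low, so on a noisy jump host raise it, but keep the "success after burst" flag, which is the part that separates an attempt from a compromise. On a real host, feed `/var/log/auth.log` (or `journalctl -u ssh`) to `detect_ssh_bruteforce` and point `find_crypt_artifacts` at the datastore mount.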

Potential Vulnerabilities

No initial-access vector has been publicly confirmed for this incident, so the following is inference from Abyss Locker's known tradecraft rather than evidence. Idaho Pacific Holdings' investment in modernized, networked production facilities widens its attack surface, and a company of its size and revenue is an attractive target for a group like Abyss. Given the group's history, an Internet-exposed SSH service that still accepts password logins, weak or reused credentials, or the VMware ESXi hosts the group is known to target would be the first places to look for the entry point.
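Since the page singles out weak SSH configuration as the likely entry point, the following added example (not code from the original page or from any vendor) audits an sshd_config for the settings that make password brute force viable, showing a permissive fragment beside a hardened one. Both fragments are constructed for illustration and are not the victim's configuration; the parser applies sshd's first-value-wins rule and, as a simplification, ignores everything after a Match block.

```python
# Constructed sshd_config fragments (example data, not a config from the victim).
WEAK_SSHD_CONFIG = """\
# Permissive settings that make an SSH password brute force viable
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
MaxAuthTries 10
"""

HARDENED_SSHD_CONFIG = """\
Port 22
PermitRootLogin prohibit-password
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
AllowGroups ssh-admins
"""


def parse_sshd_config(text):
    """Return {keyword_lower: value}. sshd uses the first value set for a keyword,
    so later duplicates are ignored. Directives after a Match block are conditional
    and are skipped here (simplification)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings


def audit_sshd_config(text):
    """Return a list of findings; an empty list means none of the audited weaknesses is present.
    Defaults mirror upstream OpenSSH: PermitRootLogin prohibit-password,
    PasswordAuthentication yes, PubkeyAuthentication yes, MaxAuthTries 6."""
    s = parse_sshd_config(text)
    findings = []
    if s.get("permitrootlogin", "prohibit-password").lower() == "yes":
        findings.append("PermitRootLogin yes: root can log in directly, including with a password")
    if s.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PasswordAuthentication not disabled: credential brute force remains possible")
    if s.get("pubkeyauthentication", "yes").lower() != "yes":
        findings.append("PubkeyAuthentication disabled: forces password-based logins")
    try:
        max_tries = int(s.get("maxauthtries", "6"))
    except ValueError:
        max_tries = 6
    if max_tries > 4:
        findings.append(f"MaxAuthTries {max_tries}: allows many guesses per connection")
    if not (s.get("allowusers") or s.get("allowgroups")):
        findings.append("No AllowUsers/AllowGroups: any local account may attempt SSH login")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(name, audit_sshd_config(cfg) or "no findings")
```

Run it against `/etc/ssh/sshd_config` on each Linux host that is reachable from outside the production network; fail the check if the list is non-empty. The same reasoning applies to the ESXi SSH service, which is disabled by default and should stay off outside maintenance windows, and a hardened sshd_config still does nothing about an SSH service that should not be Internet-facing in the first place.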

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.