R. Zoppo Corp. Hit by Abyss Ransomware, 233GB Data Stolen
Incident Date: July 28, 2024
Overview
Victim: R. Zoppo Corp.
Attacker: Abyss
Location:
First Reported: July 28, 2024
R. Zoppo Corp. Targeted by Abyss Ransomware Group
Overview of R. Zoppo Corp.
R. Zoppo Corp., a well-established general contracting company based in Stoughton, Massachusetts, has been a significant player in the construction industry since its founding in 1925. Specializing in heavy civil engineering and infrastructure work, the company offers services such as underground utilities, pumping stations, treatment plants, and bridge construction. Their expertise extends to water and wastewater treatment facilities, heavy civil and highway projects, demolition, environmental remediation, and flood control and dam work. The company serves both private and public sector clients, handling projects ranging from $10,000 to $40 million.
Details of the Ransomware Attack
The Abyss Ransomware group has claimed responsibility for a recent cyberattack on R. Zoppo Corp., exfiltrating over 233 GB of sensitive data. The attackers have threatened to release the password to access this stolen data on August 4 unless their demands are met. This breach poses significant risks to R. Zoppo Corp.'s operations and data security, highlighting vulnerabilities in their cybersecurity measures.
About the Abyss Ransomware Group
The Abyss ransomware group is a multi-extortion operation that emerged in March 2023, primarily targeting VMware ESXi environments. They are known for their TOR-based website where they list victims and exfiltrated data if demands are not met. The group has targeted various industries, including finance, manufacturing, information technology, and healthcare, with a primary focus on the United States.
Penetration and Impact
Abyss Locker infections often begin with weak SSH configurations, which attackers exploit through SSH brute-force attacks to gain entry to exposed servers. For Linux systems, Abyss Locker payloads are derived from the Babuk codebase. The ransomware encrypts files, appending the ".crypt" extension, and leaves ransom notes with the ".README_TO_RESTORE" extension. The attack on R. Zoppo Corp. underscores the critical need for robust cybersecurity measures in the construction industry, which often deals with large-scale, sensitive infrastructure projects.
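As a detection aid for the SSH brute-force entry vector described above, the following added example (not part of the original report and not code from any vendor) flags a source address that produces a burst of failed password attempts and then logs in successfully. It assumes standard OpenSSH syslog lines; the sample log, host name, addresses, threshold and time window are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format; host and addresses are made up, not incident data.
SAMPLE_LOG = """\
Jul 28 02:14:01 build01 sshd[4101]: Failed password for root from 203.0.113.50 port 51122 ssh2
Jul 28 02:14:03 build01 sshd[4103]: Failed password for invalid user admin from 203.0.113.50 port 51124 ssh2
Jul 28 02:14:06 build01 sshd[4105]: Failed password for root from 203.0.113.50 port 51126 ssh2
Jul 28 02:14:09 build01 sshd[4107]: Failed password for root from 203.0.113.50 port 51128 ssh2
Jul 28 02:14:12 build01 sshd[4109]: Failed password for root from 203.0.113.50 port 51130 ssh2
Jul 28 02:14:15 build01 sshd[4111]: Failed password for root from 203.0.113.50 port 51132 ssh2
Jul 28 02:14:40 build01 sshd[4120]: Accepted password for root from 203.0.113.50 port 51140 ssh2
Jul 28 09:02:11 build01 sshd[5230]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Jul 28 09:02:20 build01 sshd[5233]: Accepted password for alice from 198.51.100.7 port 40024 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=5), year=2024):
    """Map source IP -> peak failures inside the window and the user of any login that followed."""
    # threshold, window and year are assumed tuning values; syslog lines carry no year.
    failures = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        recent = failures[m["ip"]]
        while recent and ts - recent[0] > window:
            recent.popleft()  # expire failures older than the window
        if m["result"] == "Failed":
            recent.append(ts)
            if len(recent) >= threshold:
                hit = findings.setdefault(m["ip"], {"failures": 0, "compromised_user": None})
                hit["failures"] = max(hit["failures"], len(recent))
        elif m["ip"] in findings and recent:
            # A success right after a burst of failures suggests a guessed password.
            findings[m["ip"]]["compromised_user"] = m["user"]
    return findings

if __name__ == "__main__":
    for ip, hit in find_bruteforce(SAMPLE_LOG).items():
        print(ip, hit)
```

A single mistyped password followed by a successful login, as with the second address in the sample, stays below the threshold and is not reported.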
Implications for R. Zoppo Corp.
The attack on R. Zoppo Corp. could have severe implications, potentially disrupting their operations and damaging their reputation. As a company that prides itself on tackling unique and challenging projects, this breach could undermine their ability to secure future contracts and maintain client trust. The construction industry, with its reliance on timely project delivery and sensitive data, must prioritize cybersecurity to protect against such threats.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time tracking of ransomware attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.