Wold Architects & Engineers Hit by Abyss Locker Ransomware

Incident Date:

May 7, 2024

World map

Overview

Title

Wold Architects & Engineers Hit by Abyss Locker Ransomware

Victim

Wold Architechs and Engineers

Attacker

Abyss

Location

St. Paul, USA

Minnesota, USA

First Reported

May 7, 2024

Ransomware Attack on Wold Architects & Engineers

Victim Profile

Wold Architects & Engineers, a full-service planning, architecture, and engineering firm, headquartered in St. Paul, MN, with additional offices in Denver, Colorado; Palatine, Illinois; Brentwood, Tennessee; and Jackson, Tennessee. The company offers customizable services for clients in the education, government, healthcare, and senior living sectors.

Company Overview

The company is known for its expertise in sustainable design and has been involved in projects that aim to reduce environmental impact. The firm has worked on projects such as the City and County of Denver Jail Housing project, which achieved LEED Silver certification, and the Manzanola K-12 School Renovation/Addition, which achieved CHPS Verified recognition. The company's core values include nurturing future leaders, meaningful collaboration with clients, embracing diverse perspectives, and delivering personalized experiences.

Ransomware Attack Details

The Abyss ransomware group targeted Wold Architects & Engineers, compromising over 9.5 terabytes of data. The attack, which occurred on May 07th, 2024, is part of Abyss Locker's multi-extortion operation that primarily targets VMware ESXi environments. The ransomware group is known for hosting a TOR-based website where they list victims along with exfiltrated data if the victims fail to comply with their demands.

Vulnerabilities and Impact

Wold Architects & Engineers, being a prominent firm in the architecture and engineering industry, may have been targeted due to the sensitive nature of the data they handle, including design plans, client information, and project details. The firm's involvement in sustainable design projects and government facilities may have made them a lucrative target for threat actors seeking valuable data.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.