Wold Architects & Engineers Hit by Abyss Locker Ransomware
Incident Date:
May 7, 2024
Overview
Title
Wold Architects & Engineers Hit by Abyss Locker Ransomware
Victim
Wold Architechs and Engineers
Attacker
Abyss
Location
First Reported
May 7, 2024
Ransomware Attack on Wold Architects & Engineers
Victim Profile
Wold Architects & Engineers, a full-service planning, architecture, and engineering firm, headquartered in St. Paul, MN, with additional offices in Denver, Colorado; Palatine, Illinois; Brentwood, Tennessee; and Jackson, Tennessee. The company offers customizable services for clients in the education, government, healthcare, and senior living sectors.
Company Overview
The company is known for its expertise in sustainable design and has been involved in projects that aim to reduce environmental impact. The firm has worked on projects such as the City and County of Denver Jail Housing project, which achieved LEED Silver certification, and the Manzanola K-12 School Renovation/Addition, which achieved CHPS Verified recognition. The company's core values include nurturing future leaders, meaningful collaboration with clients, embracing diverse perspectives, and delivering personalized experiences.
Ransomware Attack Details
The Abyss ransomware group targeted Wold Architects & Engineers, compromising over 9.5 terabytes of data. The attack, which occurred on May 07th, 2024, is part of Abyss Locker's multi-extortion operation that primarily targets VMware ESXi environments. The ransomware group is known for hosting a TOR-based website where they list victims along with exfiltrated data if the victims fail to comply with their demands.
Vulnerabilities and Impact
Wold Architects & Engineers, being a prominent firm in the architecture and engineering industry, may have been targeted due to the sensitive nature of the data they handle, including design plans, client information, and project details. The firm's involvement in sustainable design projects and government facilities may have made them a lucrative target for threat actors seeking valuable data.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.