The Anatomy of Abyss Locker Ransomware Attack

Feb. 10, 2025, 8:58 p.m.

Description

Abyss Locker (AKA Abyss ransomware) is a relatively new threat group that emerged in 2023, specializing in swift and decisive intrusions designed to cripple victims with ransomware. Abyss Locker was active throughout 2024, causing multiple incidents investigated by Sygnia. However, no recent technical blogs provide detailed insights into the group’s modus operandi.

External References

https://www.sygnia.co/blog/abyss-locker-ransomware-attack-analysis/
https://otx.alienvault.com/pulse/67aa66d6dee5419a88a0d61e
Tags
backdoor
ransomware
rclone
persistence
service
esxi
chisel
psexec
2025-02-10
file
locker
abyss locker
defender
smbexec
strong
vulnerable
remcom
impact
story
patch
restrict
velvet
ssh tunneling

Date

  • Created: Feb. 10, 2025, 8:51 p.m.
  • Published: Feb. 10, 2025, 8:51 p.m.
  • Modified: Feb. 10, 2025, 8:58 p.m.

Indicators

  • f9ab649acfe76d6ac088461b471e5d981bdc8b71d940e94c63bc1988a2ed4678
  • d48c7f13db60ef615e59773c442485e84acef09343375d0d8a462b285e959baa
  • cd9d88cccd85209966c5a35aba7751b962bcc021a4216d6addfc0c3462ce80da
  • 6042a84529958a04a2d46384139da3ef016bf9498e791cd5e34dfecec2baa1d2
  • 5fba25759423f9efc92592977f6c9ff77d47a20aa8ec8e9cd17d5cfa786a1852
  • 5f9dfd9557cf3ca96a4c7f190fc598c10f8871b1313112c9aea45dc8443017a2
  • 0d9089efe2a28630bc21d8db451ec14dc856c2d40444292c42e7cca218c7029e
  • 05b82d46ad331cc16bdc00de5c6332c1ef818df8ceefcd49c726553209b3a0da
  • d76c74fc7a00a939985ae515991b80afa0524bf0a4feaec3e5e58e52630bd717
  • 3c2fe308c0a563e06263bbacf793bbe9b2259d795fcc36b953793a7e499e7f71
  • 67.217.228.101
  • 64.95.12.70
  • 64.95.12.57
  • 149.137.142.15
  • 139.180.135.191
Download all indicators here!

Attack Patterns

  • Abyss Locker