Abyss Ransomware, first identified in 2023, is a sophisticated ransomware strain targeting both Windows and Linux systems, with a specific focus on VMware ESXi environments. It employs advanced encryption techniques, multi-extortion tactics, and strategic network infiltration to disrupt operations across various sectors, including finance, healthcare, and technology.
Key Characteristics:
Target Platforms: Windows, Linux (particularly VMware ESXi)
Encryption: Utilizes the Salsa20 encryption algorithm; appends .abyss or .crypt extensions.
Initial Access Vectors: Phishing emails, weak SSH configurations, and exploiting known vulnerabilities in exposed servers.
Multi-Extortion Tactics: Encrypts files and exfiltrates data, threatening public exposure on a TOR-based leak site if ransom demands are not met.
Windows Variant:
Service Termination: Disables critical services (e.g., MSSQL, Exchange) to ensure encryption success.
Persistence: Alters boot configuration to disable recovery options.
File Encryption: Employs Salsa20; ransom note WhatHappened.txt is dropped in each directory.
Obfuscation: Written in C++, using techniques to evade detection and hinder forensic analysis.
Linux Variant:
VMware ESXi Targeting: Leverages esxcli to manage and shut down virtual machines for encryption.
Selective Encryption: Avoids critical system directories to maintain partial system functionality.
Persistence: Establishes daemon processes to ensure the ransomware remains active post-reboot.
File Information
├── ├── Abyss_Linux
│ ├── 6f9046f4bc6517d47150caa3d6ddbc327cced5eecd86e8699d105beef388c3c0 elf_
│ └── 72310e31280b7e90ebc9a32cb33674060a3587663c0334daef76c2ae2cc2a462 elf_
└── Abyss_Windows
├── 0079fb42859d04096cf9d6aaaaf6a463bd723b1fb7625d4137cc88b890dbec51 exe_
├── 00fb27c489126cb61a2908f0ce15961c4af4681985e233cdac4f021fb3735ad0 exe_
├── 03f9dccb15e19b5af71d1c831f963e834c41a42777b270bd1d60230f88fe6a95 exe_
├── 056220ff4204783d8cc8e596b3fc463a2e6b130db08ec923f17c9a78aa2032da exe_
├── 07532f7b226afb8e4a931d9e51da41a6c163c4b59b7472682999ce795fd48ca1 exe_
├── 0763e887924f6c7afad58e7675ecfe34ab615f4bd8f569759b1c33f0b6d08c64 exe_
├── 0d2c958ee0a7a8667b93d0f9aaa265a32fbd44f3af0aaca9dfe93bfd0253d035 exe_
├── 10eddba5af7b55a8bd815fd98184cb703583bee61812fcf3e12f8b220bf3a7c7 exe_
├── 112a76c7fb220e0e44f96d833da260cfadb051e64a9311e19f34448eb856341f exe_
├── 1189c8aa073b9630958a1d8fdb81b8a1f6b538962e7b39c1de9071ab25007a23 exe_
├── 13158c90fe1a73a8bfec9205dbfe65a5346632a637d92d8aa671737af804e61d exe_
├── 1a31b8e23ccc7933c442d88523210c89cebd2c199d9ebb88b3d16eacbefe4120 exe_
├── 1d04d9a8eeed0e1371afed06dcc7300c7b8ca341fe2d4d777191a26dabac3596 exe_
├── 25ce2fec4cd164a93dee5d00ab547ebe47a4b713cced567ab9aca4a7080afcb7 exe_
├── 2cc6aeea99c5c45d16a4d84bf9c87c1fac3c3a390214179331d7049457ee7621 exe_
├── 2e42b9ded573e97c095e45dad0bdd2a2d6a0a99e4f7242695054217e2bba6829 exe_
├── 362a16c5e86f13700bdf2d58f6c0ab26e289b6a5c10ad2769f3412ec0b2da711 exe_
├── 3b2687884f2cc8710fabcfa39264a6fa2056d5178b1a9aba027a74abdf273ed6 exe_
├── 3fd080ef4cc5fbf8bf0e8736af00af973d5e41c105b4cd69522a0a3c34c96b6d exe_
├── 505934035dfcff6afabc9c29c10e1aa30187207f7c805ea10d24621d09db9277 exe_
├── 62069d85d187ffc78dc0c8b108098016b7631b5cc7501e30be3d1515eddd781a exe_
├── 68cbeaccb231459ceb604934f9b4cb6fc3b51901293db9d8464074e350f11bc2 exe_
├── 822c77cc025d12b267cf598a3bdff207b1ba278e96126590ac60d88701cd840a exe_
├── 877c8a1c391e21727b2cdb2f87c7b0b37fb7be1d8dd2d941f5c20b30eb65ee97 exe_
├── 88f16d251a88b9429ca9a99d4fb3083081ff55fb7cedfb32213b4bca011e9ce7 exe_
├── 9243bdcbe30fbd430a841a623e9e1bcc894e4fdc136d46e702a94dad4b10dfdc exe_
├── 94fa7d8eefce262cb2386b8fff2e1f35c8f35d570cecef54515207b9df40d97d exe_
├── b524773160f3cb3bfb96e7704ef31a986a179395d40a578edce8257862cafe5f exe_
├── ba7c611f8c14a5651b33405a521e189ad17210b36633972700540ba2056564a0 exe_
├── d58c756206dcf233d853ddf3c7c7cfd7b2052637211f442b10b93995e969f0d7 exe_
├── dced334f3d9739ef157ead80133d584af782e22e87d227a5ed83bf968f17d367 exe_
├── dee2af08e1f5bb89e7bad79fae5c39c71ff089083d65da1c03c7a4c051fabae0 exe_
├── e331eac881cbd0c473dfc63de47e9cead852625658ab7e602f9ed5128b65c6a4 exe_
├── e5417c7a24aa6f952170e9dfcfdf044c2a7259a03a7683c3ddb72512ad0cd5c7 exe_
├── e63420bc4a633d9e44e146ceeee17584e752b3e6fd9700137373746461d7b378 exe_
├── e6537d30d66727c5a306dc291f02ceb9d2b48bffe89dd5eff7aa2d22e28b6d7c exe_
└── f88f90760aa5f3bfa3977b5f388db814b767878dc6b9d45929c1ee94d7f5c57d exe_
No comments:
Post a Comment