Abyss Ransomware Hits Non-Profit TPOCC, Compromises 570GB of Sensitive Data

Incident Date: Jun 25, 2024

Attack Overview
Victim: Turning Point of Central California
Industry: Healthcare Services
Location: USA
Attacker: Abyss
First Reported: June 25, 2024

Abyss Ransomware Group Targets Turning Point of Central California

Overview of Turning Point of Central California

Turning Point of Central California (TPOCC) is a non-profit organization dedicated to providing a wide range of social services aimed at improving the lives of individuals and communities in Central California. Founded in 1970, TPOCC employs 441 individuals and offers services in mental health, substance abuse treatment, homelessness support, criminal justice reentry, and employment services. Their mission is to help people achieve self-sufficiency and a better quality of life through comprehensive support services.

Details of the Ransomware Attack

On June 28, 2024, TPOCC was targeted by the Abyss ransomware group, resulting in a significant data breach. The attack compromised 570GB of sensitive information. The Abyss group, known for its multi-extortion tactics, listed TPOCC on their dark web leak site, threatening to release the exfiltrated data if their demands were not met.

About the Abyss Ransomware Group

The Abyss ransomware group emerged in March 2023 and has quickly become a significant threat across various sectors, including healthcare, finance, manufacturing, and information technology. The group primarily targets VMware ESXi environments and is known for its TOR-based website where they list victims and exfiltrated data. Abyss Locker ransomware campaigns have been observed targeting weak SSH configurations through brute force attacks to gain initial access.

Penetration and Impact

The Abyss ransomware group likely penetrated TPOCC's systems through vulnerabilities in their network security, such as weak SSH configurations. Once inside, the ransomware encrypted files, appending the ".crypt" extension, and left ransom notes with the .README_TO_RESTORE extension. The attack has potentially severe implications for TPOCC, given the sensitive nature of the data they handle, including mental health records, substance abuse treatment details, and personal information of individuals in their housing and reentry programs.
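
The weak-SSH brute-force entry point described above leaves a recognizable trace in sshd authentication logs: a run of failed password attempts from one source address followed by an accepted password login from that same address. The Python below is an added example, not code from the original report or from Halcyon; the log lines, host name, addresses, threshold and time window are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log lines (not taken from the incident). The addresses
# come from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24.
SAMPLE_LOG = """\
Jun 20 02:14:01 host01 sshd[4121]: Failed password for root from 203.0.113.50 port 40122 ssh2
Jun 20 02:14:03 host01 sshd[4121]: Failed password for root from 203.0.113.50 port 40122 ssh2
Jun 20 02:14:06 host01 sshd[4125]: Failed password for invalid user admin from 203.0.113.50 port 40130 ssh2
Jun 20 02:14:09 host01 sshd[4127]: Failed password for root from 203.0.113.50 port 40136 ssh2
Jun 20 02:14:12 host01 sshd[4129]: Failed password for root from 203.0.113.50 port 40140 ssh2
Jun 20 02:15:40 host01 sshd[4140]: Failed password for alice from 198.51.100.7 port 51514 ssh2
Jun 20 02:15:52 host01 sshd[4141]: Accepted password for alice from 198.51.100.7 port 51516 ssh2
Jun 20 02:16:30 host01 sshd[4150]: Accepted password for root from 203.0.113.50 port 40200 ssh2
"""

# OpenSSH password-authentication messages in classic syslog format (no year).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Failed|Accepted)\spassword\sfor\s(?:invalid user\s)?(?P<user>\S+)\s"
    r"from\s(?P<ip>\S+)\sport\s\d+"
)


def find_bruteforce_then_login(log_text, threshold=5,
                               window=timedelta(minutes=10), year=2024):
    """Return (ip, user, failure_count) for every accepted password login that
    follows at least `threshold` failures from the same IP inside `window`."""
    failures = defaultdict(list)  # source IP -> timestamps of failed attempts
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a password-auth line
        # Syslog omits the year, so the caller supplies it (assumption: 2024).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip].append(ts)
            continue
        recent = [t for t in failures[ip] if ts - t <= window]
        if len(recent) >= threshold:
            alerts.append((ip, m["user"], len(recent)))
        failures[ip].clear()  # a success resets the counter for that source
    return alerts


if __name__ == "__main__":
    print(find_bruteforce_then_login(SAMPLE_LOG))
```

A single mistyped password followed by a success, as with the constructed user alice, stays below the threshold and is not flagged.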

Significance of the Attack

This attack underscores the growing threat of ransomware to non-profit organizations, particularly those in the healthcare and social services sectors. TPOCC's extensive range of services and the sensitive data they manage make them a prime target for threat actors like the Abyss group. The breach not only jeopardizes the privacy and security of their clients but also threatens the organization's ability to provide critical services to vulnerable populations.
