Abyss Locker

Malware updated 7 months ago (2024-05-04T19:16:06.656Z)
Abyss Locker is a formidable strain of malware, specifically ransomware, that has been observed targeting both Microsoft Windows and Linux platforms. This malicious software operates by infiltrating systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it wreaks havoc by stealing personal information, disrupting operations, or holding data hostage for ransom.
The first version of Abyss Locker was designed for Windows, with a subsequent version (v2) also released for the same platform. The threat posed by Abyss Locker escalated in early 2024. On March 2nd, 2024, reports emerged that this ransomware variant had broadened its scope to target not only individual users' computers but also enterprise-level servers. Specifically, it was found to be seeking out VMware's ESXi servers, potentially causing significant disruption and damage to businesses reliant on these systems. In addition to its Windows and Linux capabilities, Abyss Locker demonstrated a concerning ability to threaten Apache servers, amplifying the potential scale and impact of its attacks.
The ransomware's sophisticated use of cryptography makes it particularly challenging to combat, as it employs complex codes to encrypt victims' files and demand payment for their release. As of the latest updates, efforts are ongoing to mitigate the risks associated with Abyss Locker and provide effective countermeasures against its damaging effects.
Description last updated: 2024-05-04T17:32:05.042Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description: HELLOKITTY is a possible alias for Abyss Locker. HelloKitty is a malicious software (malware) that has been designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold dat
Votes: 4
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
ESXi
Linux
Windows
Extortion
Locker
Associated Malware
Alias Description: The REvil Malware is associated with Abyss Locker. REvil, also known as Sodinokibi, is a malicious software (malware) that operates on a Ransomware as a Service (RaaS) model. This model became increasingly popular in 2020, with first-stage malware like Dridex and Gootkit being linked to ransomware attacks such as BitPaymer and REvil respectively. Th
Association Type: Unspecified
Votes: 2