The Abyss ransomware group is a ransomware group that emerged around 2020, operating primarily as a ransomware-as-a-service (RaaS) group. Abyss is known for targeting large organizations, including enterprises in healthcare, manufacturing, and professional services.

Abyss typically uses double extortion tactics, encrypting victims’ data while also stealing sensitive information and threatening to publish it if ransom demands are not met. The group has operated data-leak sites on the dark web to pressure victims, a strategy that became common among ransomware groups during this period. Initial access is often achieved through phishing, compromised credentials, or exploitation of exposed remote services such as RDP.

Technically, Abyss ransomware employs strong encryption algorithms and attempts to disable security tools and backups before executing payloads, increasing the likelihood of payment.