Ransomware victim disclosure
← All victimsCrown Laboratories
listed as crownlaboratories.com · Claimed by Abyss · listed 1 year ago
Status timeline
- ListedApr 2, 2025
- Data leakeddate unknown
At a glance
- Group
- Abyss
- Status
- Data leaked
- Country
- United States
- Sector
- Healthcare
- Listed on leak site
- Apr 2, 2025
- Data size
- 29 GB
- Ransom demanded
- $50
About the victim
AI dossier — public-source company profileCrown Laboratories, founded in 2000 and based in Johnson City, Tennessee, manufactures pharmaceutical and ethical over-the-counter skincare and aesthetic products for the medical marketplace and provides contract manufacturing to the pharmaceutical industry. The company was acquired by and is now operating as part of Revance Therapeutics, offering a global portfolio of aesthetics and skincare solutions across 60 countries.
- Industry
- Pharmaceuticals & Skincare Manufacturing
- Address
- Johnson City, Tennessee, United States
- Founded
- 2000
Attack summary
Severity: critical — Exfiltration of 8 TB of data from a pharmaceutical manufacturer represents critical-scale data exposure. The company manufactures prescription products and handles sensitive R&D, formulation, manufacturing, and customer data. Pharmaceutical data theft poses risks to intellectual property, regulatory compliance, and potentially patient safety.The Abyss group claims to have exfiltrated approximately 8 terabytes of uncompressed data from Crown Laboratories. The group has published the data across multiple RAR archive files on a dark web portal with a stated ransom of $50.
Data the group says was taken
AI dossier — extracted from the leak post- Business records
- Financial data
- Research & development files
- Manufacturing specifications
- Customer information
- Product formulations
The group's post references roughly 15 downloadable archive parts plus file listing proof files.
What the group claims
Crown Laboratories, founded in 2000 and based in Johnson City, TN, provides pharmaceutical and ethical OTC products to the medical marketplace and contract manufacturing to the pharmaceutical industry.
The leak post
captured from the group's site```
let data = [
{
'title' : 'thinlinetech.com',
'short' : 'thinlinetech.com 29Gb uncompressed data',
'full' : 'Thinline Technologies <br>' +
'Thinline Technologies offers reliable IT consulting and expert computer and network support services to businesses in the Baltimore metro area.<br> They specialize in network administration, technology planning, and help desk services, focusing on increasing productivity and profitability for small to mid-size businesses.<br>'+
'password: 6oGfyIRISQmmI3Ge2kEeyu7hbzONONEFpkcnhC1S4Ygk4iSpw4RRxDXY1uk9xeyUXOmg7UOuZvGekRc9cs8E61LWKdI08uv0kUyC4V6YxaETtrhniAtKD9t7FQ2qTFYi<br>'+
'Link â„–1 Filelist',
'links' : [
"http://zngbsq66uwem4qzyxpqb5rjo2xebnbwdku27nhmquryx6ljnbbedhiad.onion/thinline.lst.zip",
"http://zngbsq66uwem4qzyxpqb5rjo2xebnbwdku27nhmquryx6ljnbbedhiad.onion/thinline.rar"
]
},
{
'title' : 'crownlaboratories.com',
'short' : 'crownlaboratories.com 8Tb uncompressed data',
'full' : 'Crown Laboratories <br>' +
'Crown Laboratories, founded in 2000 and based in Johnson City, TN, provides pharmaceutica…Screenshot of the leak post

Sources
- Victim sitecrownlaboratories.com
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

