Ransomware victim disclosure
← All victimsCrimson Wine Group
listed as crimsonwinegroup.com · Claimed by Abyss · listed 2 years ago
Status timeline
- ListedJul 25, 2024
- Data leakeddate unknown
At a glance
- Group
- Abyss
- Status
- Data leaked
- Country
- United States
- Sector
- Business Services
- Listed on leak site
- Jul 25, 2024
- Data size
- 1.6 TB
- Ransom demanded
- $50
About the victim
AI dossier — public-source company profileCrimson Wine Group is a West Coast wine producer and portfolio manager based in Napa, California, operating approximately 1,000 acres of vineyards and multiple estate wineries. The company manages a collection of wine brands focused on quality production and distribution.
- Industry
- Wine & Spirits Manufacturing
- Address
- 5901 Silverado Trail, Napa, CA 94558
Attack summary
Severity: medium — Significant data exfiltration (1.6 TB) confirmed with published access to archives. However, the specific sensitivity of wine industry operational/business data is lower than regulated sectors (healthcare, finance, PII at scale). No indication of encryption-only or operational disruption to critical infrastructure.The Abyss group claims to have exfiltrated 1.6 TB of uncompressed data from Crimson Wine Group. The leak post does not explicitly describe the attack vector (encryption vs. data-only exfiltration), but published data archives are available on the group's dark web portal.
Data the group says was taken
AI dossier — extracted from the leak post- Business documents
- Financial records
- Employee information
- Operational data
What the group claims
crimsonwinegroup.com.com 1.6Tb uncompressed data
The leak post
captured from the group's site```
let data = [
{
'title' : 'thinlinetech.com',
'short' : 'thinlinetech.com 29Gb uncompressed data',
'full' : 'Thinline Technologies <br>' +
'Thinline Technologies offers reliable IT consulting and expert computer and network support services to businesses in the Baltimore metro area.<br> They specialize in network administration, technology planning, and help desk services, focusing on increasing productivity and profitability for small to mid-size businesses.<br>'+
'password: 6oGfyIRISQmmI3Ge2kEeyu7hbzONONEFpkcnhC1S4Ygk4iSpw4RRxDXY1uk9xeyUXOmg7UOuZvGekRc9cs8E61LWKdI08uv0kUyC4V6YxaETtrhniAtKD9t7FQ2qTFYi<br>'+
'Link â„–1 Filelist',
'links' : [
"http://zngbsq66uwem4qzyxpqb5rjo2xebnbwdku27nhmquryx6ljnbbedhiad.onion/thinline.lst.zip",
"http://zngbsq66uwem4qzyxpqb5rjo2xebnbwdku27nhmquryx6ljnbbedhiad.onion/thinline.rar"
]
},
{
'title' : 'crownlaboratories.com',
'short' : 'crownlaboratories.com 8Tb uncompressed data',
'full' : 'Crown Laboratories <br>' +
'Crown Laboratories, founded in 2000 and based in Johnson City, TN, provides pharmaceutica…Screenshot of the leak post

Sources
- Victim sitecrimsonwinegroup.com
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

