Akira attacks Myers Automotive Group

Incident Date:

April 18, 2024

World map

Overview

Title

Akira attacks Myers Automotive Group

Victim

Myers Automotive Group

Attacker

Akira

Location

Ottawa, Canada

Ontario, Canada

First Reported

April 18, 2024

The Akira Ransomware Gang Targets Myers Automotive Group

Background

The Akira ransomware gang has recently targeted Myers Automotive Group, a company with a long history in the automotive industry. Despite limited details, it is known that the company's website is currently offline.

Company Overview

Myers Automotive Group, established in 1942, operates 14 dealerships in locations such as Orleans, Kanata, Kemptville, and Manotick. The company specializes in vehicle sales and services, with its headquarters situated in Ottawa.

Ransomware Details

Akira, which emerged in March 2023, is believed to have connections to the Conti gang. Notably, Akira's ransomware platform includes a chat feature for direct negotiations with victims. Additionally, the group has a unique practice of informing victims about the infection vectors used in the attack post-ransom payment.

Technical Details

Akira's ransom demands typically range from $200,000 to over $4 million. The ransomware is equipped with a RaaS written in C++ capable of targeting both Windows and Linux systems. Akira modules utilize various techniques to encrypt files and avoid detection, including the deletion of Windows Shadow Volume Copies and the exploitation of legitimate tools like PCHunter64.

Recent Activities

In recent months, Akira has expanded its operations to include a Linux variant and has been observed exploiting vulnerabilities in Cisco's security software and VMware ESXi for lateral movement. The group has targeted organizations across different sectors, engaging in data exfiltration for double extortion purposes.Overall, Akira's attack volume is steadily increasing, positioning them as a significant threat in the ransomware landscape.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.