The Akira Ransomware Gang Targets Myers Automotive Group

Background

The Akira ransomware gang has recently targeted Myers Automotive Group, a company with a long history in the automotive industry. Despite limited details, it is known that the company's website is currently offline.

Company Overview

Myers Automotive Group, established in 1942, operates 14 dealerships in locations such as Orleans, Kanata, Kemptville, and Manotick. The company specializes in vehicle sales and services, with its headquarters situated in Ottawa.

Ransomware Details

Akira, which emerged in March 2023, is believed to have connections to the Conti gang. Notably, Akira's ransomware platform includes a chat feature for direct negotiations with victims. Additionally, the group has a unique practice of informing victims about the infection vectors used in the attack post-ransom payment.

Technical Details

Akira's ransom demands typically range from $200,000 to over $4 million. The ransomware is equipped with a RaaS written in C++ capable of targeting both Windows and Linux systems. Akira modules utilize various techniques to encrypt files and avoid detection, including the deletion of Windows Shadow Volume Copies and the exploitation of legitimate tools like PCHunter64.

Recent Activities

In recent months, Akira has expanded its operations to include a Linux variant and has been observed exploiting vulnerabilities in Cisco's security software and VMware ESXi for lateral movement. The group has targeted organizations across different sectors, engaging in data exfiltration for double extortion purposes.Overall, Akira's attack volume is steadily increasing, positioning them as a significant threat in the ransomware landscape.