Akira Group Ransomware Attack on Reinhold Sign Service
Incident Date:
June 7, 2024
Overview
Title
Akira Group Ransomware Attack on Reinhold Sign Service
Victim
Reinhold Sign Service
Attacker
Akira
Location
First Reported
June 7, 2024
Ransomware Attack on Reinhold Sign Service by Akira Group
Overview of Reinhold Sign Service
Founded in 1954, Reinhold Sign Service, Inc. is a family-owned business based in Green Bay, Wisconsin. Specializing in the design, fabrication, installation, and maintenance of custom signage, the company serves a diverse range of industries including retail, corporate, healthcare, and hospitality. With a team of 11 employees, Reinhold Sign Service is known for its high-quality sign products and advanced manufacturing techniques.
Details of the Ransomware Attack
The Akira ransomware group has claimed responsibility for an attack on Reinhold Sign Service. The group announced on their dark web leak site that they have exfiltrated financial and accounting data, drawings, and some client information from the company. Akira has threatened to upload these files soon, leveraging their double extortion tactics to pressure the victim into paying a ransom.
About the Akira Ransomware Group
Emerging in March 2023, Akira is a rapidly growing ransomware family. The group targets small to medium-sized businesses across various sectors, including government, manufacturing, and technology. Akira is known for its double extortion tactics, where they steal data before encrypting systems and demand a ransom for both decryption and data deletion. The group uses a unique dark web leak site with a retro 1980s-style interface and has been linked to the now-defunct Conti ransomware gang.
Potential Vulnerabilities and Penetration Methods
Like many small to medium-sized businesses, Reinhold Sign Service may have vulnerabilities that make them attractive targets for ransomware groups. Akira typically gains unauthorized access through VPNs, credential theft, and lateral movement within the network. They use tools like RClone, FileZilla, and WinSCP for data exfiltration. The group's ability to target both Windows and Linux-based VMware ESXi virtual machines further broadens their attack surface.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.