Akira Group Strikes E-T-A Elektrotechnische Apparate GmbH
Incident Date: June 5, 2024
Victim: E-T-A Elektrotechnische Apparate GmbH
Attacker: Akira
First Reported: June 5, 2024
Ransomware Attack on E-T-A Elektrotechnische Apparate GmbH by Akira Group
Overview of E-T-A Elektrotechnische Apparate GmbH
Founded in 1948, E-T-A Elektrotechnische Apparate GmbH is a German company specializing in circuit protection and power management solutions. With a significant global presence, the company operates six production facilities and has subsidiaries in over 60 countries. E-T-A is renowned for its high-quality circuit breakers, electronic relays, power distribution modules, and advanced control systems, serving industries such as automotive, aerospace, telecommunications, and industrial automation.
Details of the Ransomware Attack
The Akira ransomware group has claimed responsibility for a cyberattack on E-T-A Elektrotechnische Apparate GmbH. Akira says it exfiltrated 24 gigabytes of sensitive data, including customer information, non-disclosure agreements, financial records, and employee personal information. A screenshot purportedly showing the stolen data was posted on Akira's dark web leak site. Despite these claims, E-T-A's official website remains operational, and the company has not yet confirmed or denied the attack.
About the Akira Ransomware Group
Emerging in March 2023, Akira is a relatively new ransomware group known for targeting small to medium-sized businesses across various sectors, including manufacturing, technology, and telecommunications. Akira employs double extortion tactics, stealing data before encrypting systems and demanding ransoms ranging from $200,000 to over $4 million. The group is believed to have ties to the defunct Conti ransomware gang, sharing similar code and tactics.
Potential Vulnerabilities and Attack Vectors
Akira's attack methods include unauthorized access to VPNs, credential theft, and lateral movement within networks. They use tools like RClone, FileZilla, and WinSCP for data exfiltration. The group's ability to target both Windows and Linux-based VMware ESXi virtual machines highlights their adaptability and sophistication. E-T-A's extensive global operations and reliance on digital systems for manufacturing and distribution may have made them a lucrative target for Akira.