Akira Ransomware Attack on Faultless Brands: Data Breach and Demands
Incident Date: May 30, 2024
Overview
Title: Akira Ransomware Attack on Faultless Brands: Data Breach and Demands
Victim: Faultless Brands
Attacker: Akira
Location:
First Reported: May 30, 2024
Ransomware Attack on Faultless Brands by Akira
Company Profile
Faultless Brands, operating as Ae OpCo I LLC, is a fifth-generation family-owned manufacturing company based in Kansas City, Missouri. The company specializes in producing laundry and household cleaning products, air care, and lawn and garden products for both consumer and commercial markets.
Company Standout
Distinguished by its long history, family ownership, and reputation for high-quality products and customer service, Faultless Brands has been in business for over 100 years. The company has successfully maintained its legacy while adapting to market changes.
Company Size
Faultless Brands is a significant player in the household and laundry products market, with operations centered in Kansas City, Missouri.
Company Vulnerabilities
As a manufacturing company with a long history and a wide range of products, Faultless Brands may have been targeted by threat actors like the Akira ransomware group because of the sensitive data it holds. The leak of HR files, employees' personal data, customer information, accounting files, confidential agreements, and medical information indicates potential vulnerabilities in its systems.
Ransomware Attack Overview
The Akira ransomware group targeted Faultless Brands, leaking sensitive data and demanding a ransom for decryption and data deletion. The attack included unauthorized access to VPNs, credential theft, and deployment of ransomware on the company's systems. The compromised data included employee and customer information, as well as confidential business files.
Ransomware Group - Akira
Akira is a rapidly growing ransomware family known for targeting small to medium-sized businesses across various sectors. Utilizing double extortion tactics, the group steals data before encrypting systems and then demands ransom. Akira's unique dark web leak site and retro 1980s-style interface set them apart from other ransomware groups.
Penetration of Company Systems
Akira may have infiltrated Faultless Brands' systems through unauthorized access to VPNs, credential theft, and lateral movement within the network. The use of tools like RClone, FileZilla, and WinSCP for data exfiltration, as well as the deployment of a backdoor, indicates a sophisticated approach to breaching the company's defenses.