Akira Ransomware Attack on Faultless Brands: Data Breach and Demands

Incident Date:

May 30, 2024

World map

Overview

Title

Akira Ransomware Attack on Faultless Brands: Data Breach and Demands

Victim

Faultless Brands

Attacker

Akira

Location

Kansas City, USA

Missouri, USA

First Reported

May 30, 2024

Ransomware Attack on Faultless Brands by Akira

Company Profile

Faultless Brands, operating as Ae OpCo I LLC, is a fifth-generation family-owned manufacturing company based in Kansas City, Missouri. The company specializes in producing laundry and household cleaning products, air care, and lawn and garden products for both consumer and commercial markets.

Company Standout

Distinguished by its long history, family ownership, and reputation for high-quality products and customer service, Faultless Brands has been in business for over 100 years. The company has successfully maintained its legacy while adapting to market changes.

Company Size

Faultless Brands is a significant player in the household and laundry products market, with operations centered in Kansas City, Missouri.

Company Vulnerabilities

As a manufacturing company with an extensive history and a wide range of products, Faultless Brands may have been targeted by threat actors like the Akira ransomware group due to the sensitive nature of the data they possess. The leak of HR files, employees' personal data, customer information, accounting files, confidential agreements, and medical information indicates potential vulnerabilities in their systems.

Ransomware Attack Overview

The Akira ransomware group targeted Faultless Brands, leaking sensitive data and demanding a ransom for decryption and data deletion. The attack included unauthorized access to VPNs, credential theft, and deployment of ransomware on the company's systems. The compromised data included employee and customer information, as well as confidential business files.

Ransomware Group - Akira

Akira is a rapidly growing ransomware family known for targeting small to medium-sized businesses across various sectors. Utilizing double extortion tactics, the group steals data before encrypting systems and then demands ransom. Akira's unique dark web leak site and retro 1980s-style interface set them apart from other ransomware groups.

Penetration of Company Systems

Akira may have infiltrated Faultless Brands' systems through unauthorized access to VPNs, credential theft, and lateral movement within the network. The use of tools like RClone, FileZilla, and WinSCP for data exfiltration, as well as the deployment of a backdoor, indicates a sophisticated approach to breaching the company's defenses.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.