Akira Ransomware Attack on Reading Electric

Incident Date:

May 10, 2024

World map

Overview

Title

Akira Ransomware Attack on Reading Electric

Victim

Reading Electric

Attacker

Akira

Location

Reading, USA

Pennsylvania, USA

First Reported

May 10, 2024

Ransomware Attack on Reading Electric by Akira

Victim Overview

Reading Electric, a company acquired by Bearing & Drive Solutions (BDS) in 2018, specializes in providing electromechanical products and services for industrial and commercial systems in the Manufacturing sector. Utilizing JavaScript, their offerings include crucial electro-mechanical products necessary for efficient system functioning. Their services encompass a wide array of electrical services and repairs, including AC & DC Electric Motors, Commercial Generator Installation & Monitoring, Gearbox Repair, Machine Shop Services, and Emergency Electrical Services & Repair, catering to the diverse needs of industrial and commercial clients.

Ransomware Attack Details

The cybercriminal group, Akira, targeted the website of Reading Electric using a ransomware attack. The attack resulted in the exfiltration of 82 GB of data, including personal documents, confidential agreements, contracts, and financial data, posing a severe threat to the security and privacy of Reading Electric's sensitive information.

Akira Ransomware Group

Akira is a rapidly growing ransomware family that targets small to medium-sized businesses across various sectors. The group is believed to be affiliated with the now-defunct Conti ransomware gang and employs double extortion tactics, demanding ransom for decryption and data deletion. Akira's ransom demands typically range from $200,000 to over $4 million.

Attack Vector

The group employs unauthorized access to VPNs, credential theft, and lateral movement to deploy ransomware. The group has been observed using tools like RClone, FileZilla, and WinSCP for data exfiltration. In some cases, Akira has deployed a previously unreported backdoor to infiltrate systems.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.