Ransomware Attack on Western Dovetail, Inc. by Akira

Company Profile

Western Dovetail, Inc. specializes in custom wood drawer boxes, offering products that range from $277.95 to $330.25. Based in Vallejo, California, Western Dovetail, Inc. operates within the Construction, Furniture, and Retail sector- The company is distinguished by its blend of old-world craftsmanship and modern technology, ensuring exceptional quality and limitless possibilities for its customers. With 8 employees and $8 million in revenue, Western Dovetail is a key player in its niche market.

Attack Details

The Akira ransomware group targeted Western Dovetail, leaking sensitive data that included employee information (such as addresses, emails, phone numbers, and relatives' contacts), tax and payment information, and some medical data. The group's dark web announcement highlighted Western Dovetail's commitment to maintaining tradition in the modern industry, particularly emphasizing the excellence of dovetail drawers in casework.

Ransomware Group: Akira

Akira is a ransomware group that emerged in March 2023, targeting small to medium-sized businesses across various sectors. Known for its double extortion tactics, the group steals data before encrypting systems and demands ransom for decryption and data deletion. Akira's ransom demands typically range from $200,000 to over $4 million.

Penetration and Vulnerabilities

Akira likely infiltrated Western Dovetail's systems through unauthorized access to VPNs, credential theft, and lateral movement to deploy the ransomware. The group's use of tools like RClone, FileZilla, and WinSCP for data exfiltration, as well as the deployment of a previously unreported backdoor, indicates sophisticated tactics. Western Dovetail's vulnerabilities may have included inadequate cybersecurity measures or outdated software.

Sources:

• Western Dovetail, Inc. Website
• RocketReach - Western Dovetail, Inc. Profile
• Trend Micro - Ransomware Spotlight: Akira
• Sophos - Akira Ransomware