Akira Ransomware Attack on Western Dovetail, Inc.
Incident Date: May 29, 2024
Overview
Title: Akira Ransomware Attack on Western Dovetail, Inc.
Victim: Western Dovetail, Inc.
Attacker: Akira
Location:
First Reported: May 29, 2024
Ransomware Attack on Western Dovetail, Inc. by Akira
Company Profile
Western Dovetail, Inc. specializes in custom wood drawer boxes, offering products that range from $277.95 to $330.25. Based in Vallejo, California, Western Dovetail, Inc. operates within the Construction, Furniture, and Retail sector. The company is distinguished by its blend of old-world craftsmanship and modern technology, ensuring exceptional quality and limitless possibilities for its customers. With 8 employees and $8 million in revenue, Western Dovetail is a key player in its niche market.
Attack Details
The Akira ransomware group targeted Western Dovetail, leaking sensitive data that included employee information (such as addresses, emails, phone numbers, and relatives' contacts), tax and payment information, and some medical data. The group's dark web announcement highlighted Western Dovetail's commitment to maintaining tradition in the modern industry, particularly emphasizing the excellence of dovetail drawers in casework.
Ransomware Group: Akira
Akira is a ransomware group that emerged in March 2023, targeting small to medium-sized businesses across various sectors. Known for its double extortion tactics, the group steals data before encrypting systems and demands ransom for decryption and data deletion. Akira's ransom demands typically range from $200,000 to over $4 million.
Penetration and Vulnerabilities
Akira likely infiltrated Western Dovetail's systems through unauthorized access to VPNs, credential theft, and lateral movement to deploy the ransomware. The group's use of tools like RClone, FileZilla, and WinSCP for data exfiltration, as well as the deployment of a previously unreported backdoor, indicates sophisticated tactics. Western Dovetail's vulnerabilities may have included inadequate cybersecurity measures or outdated software.