Akira Ransomware Attack on Western Dovetail, Inc.

Incident Date: May 29, 2024

Overview

Title: Akira Ransomware Attack on Western Dovetail, Inc.

Victim: Western Dovetail, Inc.

Attacker: Akira

Location: Vallejo, California, USA

First Reported: May 29, 2024

Ransomware Attack on Western Dovetail, Inc. by Akira

Company Profile

Western Dovetail, Inc. specializes in custom wood drawer boxes, offering products that range from $277.95 to $330.25. Based in Vallejo, California, Western Dovetail, Inc. operates within the Construction, Furniture, and Retail sector. The company is distinguished by its blend of old-world craftsmanship and modern technology, ensuring exceptional quality and limitless possibilities for its customers. With 8 employees and $8 million in revenue, Western Dovetail is a key player in its niche market.

Attack Details

The Akira ransomware group targeted Western Dovetail, leaking sensitive data that included employee information (such as addresses, emails, phone numbers, and relatives' contacts), tax and payment information, and some medical data. The group's dark web announcement highlighted Western Dovetail's commitment to maintaining tradition in the modern industry, particularly emphasizing the excellence of dovetail drawers in casework.

Ransomware Group: Akira

Akira is a ransomware group that emerged in March 2023, targeting small to medium-sized businesses across various sectors. Known for its double extortion tactics, the group steals data before encrypting systems and demands ransom for decryption and data deletion. Akira's ransom demands typically range from $200,000 to over $4 million.

Penetration and Vulnerabilities

Akira likely infiltrated Western Dovetail's systems through unauthorized access to VPNs, credential theft, and lateral movement to deploy the ransomware. The group's use of tools like RClone, FileZilla, and WinSCP for data exfiltration, as well as the deployment of a previously unreported backdoor, indicates sophisticated tactics. Western Dovetail's vulnerabilities may have included inadequate cybersecurity measures or outdated software.
