Akira Ransomware Group: A Threat to GCH Hotel Group's Data Security
Incident Date:
April 30, 2024
Overview
Title
Akira Ransomware Group: A Threat to GCH Hotel Group's Data Security
Victim
GCH Hotel Group
Attacker
Akira
Location
First Reported
April 30, 2024
Ransomware Attack on GCH Hotel Group by Akira: An In-depth Analysis
Company Profile
The GCH Hotel Group, officially known as GCH Hotels GmbH, is a leading hotel management company based in Berlin, Germany. With a significant presence in Europe, the company operates over 120 hotels across Germany, Belgium, Cyprus, Austria, and the Netherlands. It manages more than 15,000 hotel rooms and accommodates over three million guests annually. The company is renowned for its collaboration with major franchise brands including Wyndham, Radisson Blu, and Hilton, among others.
Employing approximately 289 individuals, GCH Hotel Group reported an annual revenue of $11.8 million in 2024. The company is distinguished by its comprehensive range of services such as sales & marketing, e-commerce, and IT support, which contribute to its robust operational framework.
Details of the Ransomware Attack
The company recently fell victim to a ransomware attack orchestrated by the Akira ransomware group. During the attack, approximately 45 GB of sensitive data was exfiltrated, including personal documents of clients, non-disclosure agreements, and various financial documents. The specifics of the ransom demand have not been disclosed, highlighting the ongoing investigation and response efforts.
Akira Ransomware Group Profile
Akira, a ransomware family that emerged in March 2023, is known for its affiliation with the defunct Conti ransomware gang. The group employs double extortion tactics, which involve stealing data prior to encrypting the victim's systems. Akira's operations have expanded to include targeting Linux-based VMware ESXi virtual machines, showcasing their adaptability and technical prowess.
The group's ransom demands typically range from $200,000 to over $4 million, and they have claimed over 250 victims with ransomware proceeds amounting to $42 million as of January 2024.
Potential Vulnerabilities and Entry Points
The hospitality sector, including companies like GCH Hotel Group, often manages vast amounts of personal and financial data, making them attractive targets for cybercriminals. Potential vulnerabilities could include insufficient cybersecurity measures on VPNs, outdated software systems, or inadequate employee training on phishing and other cyber threats. Akira's known methods of attack, such as credential theft and lateral movement, suggest that these could have been potential entry points in the GCH Hotel Group's network.
Sources
- GCH Hotel Group Official Website
- RocketReach - GCH Hotel Group Profile
- Onventis - GCH Hotel Group
- Germany Travel - GCH Hotel Group
- Trend Micro - Ransomware Spotlight: Akira
- Sophos News - Akira: The Ransomware That Keeps on Taking
- Tripwire - Akira Ransomware: What You Need to Know
- Trellix - Akira Ransomware
- IC3 - Akira Ransomware Report
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.