Akira Ransomware Hits Allied Industrial Group: 15GB Data Compromised

Incident Date: July 8, 2024

Overview

Victim: Allied Industrial Group
Attacker: Akira
Location: Fenton Twp, USA; Michigan, USA
First Reported: July 8, 2024

Ransomware Attack on Allied Industrial Group by Akira

Overview of Allied Industrial Group

Allied Industrial Group (AIG) is a prominent player in the manufacturing sector, specializing in custom tooling solutions and engineering services. The company operates a 60,000-square-foot manufacturing facility equipped with over 60 advanced machines. AIG's offerings include material handling systems, ergonomic lifting solutions, and complete production line setups. Its engineering team, with over 200 years of combined experience, provides services such as reverse engineering, prototype development, material analysis, and design optimization. AIG is committed to quality and safety, ensuring compliance with industry standards and maintaining a proactive approach to workplace safety.

Details of the Ransomware Attack

On July 9, 2024, Allied Industrial Group fell victim to a ransomware attack orchestrated by the Akira ransomware group. Approximately 15GB of data was compromised during the incident, with the specifics of the data and the attackers' demands yet to be disclosed. The company is currently assessing the extent of the intrusion and its potential impact on operations.

About the Akira Ransomware Group

Akira is a rapidly growing ransomware family that emerged in March 2023. The group targets small to medium-sized businesses across various sectors, including manufacturing, government, technology, and education. Akira employs double extortion tactics, stealing data before encrypting systems and demanding ransom for both decryption and data deletion. The group's ransom demands typically range from $200,000 to over $4 million. Akira's dark web leak site features a retro 1980s-style interface, requiring victims to navigate by typing commands.

Penetration and Vulnerabilities

Akira's tactics include unauthorized access to VPNs, credential theft, and lateral movement within networks. They use tools like RClone, FileZilla, and WinSCP for data exfiltration. In some cases, Akira has deployed a previously unreported backdoor. The group's ability to target both Windows systems and Linux-based VMware ESXi virtual machines makes them a versatile and formidable threat. Allied Industrial Group's extensive use of advanced machinery and reliance on digital systems for engineering and production likely made them an attractive target for Akira.
