Ransomware Attack on ETC Companies by Akira Group

ETC Companies, a leading general contractor based in Ramsey, New Jersey, specializing in large-scale affordable housing projects, has fallen victim to a ransomware attack by the notorious Akira group. The attack, which has been claimed on Akira's dark web leak site, reportedly involves the exfiltration of approximately 10 GB of sensitive data, potentially compromising project details, client information, and internal communications.

About ETC Companies

ETC Companies has established itself as a prominent player in the affordable housing sector, with a portfolio of over 125 projects valued at more than $1 billion. The company is renowned for its expertise in tenant-in-place rehabilitations and tenant relocation initiatives, emphasizing quality workmanship and project management. With a workforce of 20 to 49 employees, ETC Companies is committed to meeting deadlines and minimizing unexpected costs, which are critical in the affordable housing industry.

The company's operational philosophy includes maintaining strong relationships with residents during rehabilitation efforts and adhering to regulatory compliance and safety standards. This focus on community welfare and operational efficiency has earned ETC Companies a strong reputation in the construction industry.

Details of the Attack

The Akira ransomware group has claimed responsibility for the attack on ETC Companies, asserting that they have successfully infiltrated the company's systems. The breach poses significant risks, potentially exposing confidential project details and sensitive client information. The attack highlights the vulnerabilities faced by companies in the construction sector, which may not always prioritize cybersecurity measures.

Profile of Akira Ransomware Group

Akira is a ransomware variant that emerged in March 2023, known for its sophisticated attack methods and extensive targeting capabilities. The group employs a hybrid encryption scheme and utilizes various distribution methods, including exploiting vulnerabilities in VPN software and using compromised login credentials. Akira operates using a double-extortion model, exfiltrating sensitive information before demanding a ransom.

Akira distinguishes itself by its aggressive tactics and focus on larger organizations across various sectors, including education, finance, and healthcare. The group has been linked to the now-defunct Conti ransomware group, complicating tracking efforts due to shared methodologies and tools.

Sources

• ETC Companies Website
• Checkpoint on Akira Ransomware
• Trend Micro on Akira
• Cyberint on Akira