Akira Ransomware Hits SAGE Publishing: Data at Risk
Incident Date: July 30, 2024
Overview
Title: Akira Ransomware Hits SAGE Publishing: Data at Risk
Victim: SAGE Publishing
Attacker: Akira
Location:
First Reported: July 30, 2024
Ransomware Attack on SAGE Publishing by Akira Group
SAGE Publishing, a renowned independent academic publisher, has recently fallen victim to a ransomware attack by the Akira ransomware group. Akira has publicly claimed the attack on its dark web leak site, where it has threatened to release SAGE's internal high-quality content, including financial data and agreements.
About SAGE Publishing
Founded in 1965 by Sara Miller McCune, SAGE Publishing is headquartered in Thousand Oaks, California. The company operates globally with offices in North America, Europe, and the Asia-Pacific region. SAGE publishes over 1,000 journals and more than 800 books annually, covering a wide array of disciplines such as business, humanities, social sciences, science, technology, and medicine. The company is known for its commitment to academic excellence, innovation, and inclusivity in scholarly communication.
Attack Overview
The Akira ransomware group has claimed responsibility for the attack on SAGE Publishing. The group has announced its intention to upload SAGE's internal data to its blog, making it publicly available within a few days. This data reportedly includes sensitive financial information and agreements, which could have significant implications for SAGE and its stakeholders.
About Akira Ransomware Group
Akira is a relatively new ransomware family that emerged in March 2023. The group has been targeting small to medium-sized businesses across various sectors, including government, manufacturing, technology, education, consulting, pharmaceuticals, and telecommunications. Akira is believed to be affiliated with the now-defunct Conti ransomware gang, with which it shares code similarities. The group employs double extortion tactics: it steals data before encrypting systems, then demands a ransom for both decryption and data deletion.
Penetration and Tactics
Akira's tactics include unauthorized access to VPNs, credential theft, and lateral movement within the victim's network to deploy the ransomware. They have been observed using tools like RClone, FileZilla, and WinSCP for data exfiltration. In some cases, Akira has deployed a previously unreported backdoor. The group has also expanded its operations to target Linux-based VMware ESXi virtual machines in addition to Windows systems.
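As an added example (not part of the original report or of any vendor's tooling), the following Python hunts process-creation events for the three transfer tools named above and raises severity when the on-disk name disagrees with the binary's metadata or when rclone runs with a transfer subcommand. Field names follow Sysmon process-creation events; the sample events, hosts, users and paths are constructed.

```python
import ntpath

# Transfer tools the article names as used for exfiltration.
EXFIL_TOOLS = ("rclone", "filezilla", "winscp")
# rclone subcommands that move data (assumption: used here to raise severity).
RCLONE_TRANSFER_VERBS = {"copy", "sync", "move"}


def classify(event):
    """Return a finding for one process-creation event, or None if benign."""
    image = ntpath.basename(event.get("Image", "")).lower()
    original = event.get("OriginalFileName", "").lower()
    tool = next((t for t in EXFIL_TOOLS if t in image or t in original), None)
    if tool is None:
        return None
    reasons, severity = [f"{tool} executed"], "medium"
    # Binary metadata names the tool but the file name on disk does not.
    if tool in original and tool not in image:
        reasons.append(f"image name '{image}' does not match binary metadata")
        severity = "high"
    if tool == "rclone":
        tokens = event.get("CommandLine", "").lower().split()
        if RCLONE_TRANSFER_VERBS.intersection(tokens):
            reasons.append("transfer subcommand on command line")
            severity = "high"
    return {"host": event.get("Computer"), "user": event.get("User"),
            "tool": tool, "severity": severity, "reasons": reasons}


def hunt(events):
    """Classify every event and keep only the findings."""
    return [f for f in map(classify, events) if f]


# Constructed sample events (not taken from any real incident).
SAMPLE_EVENTS = [
    {"Computer": "FS01", "User": r"CORP\svc_backup", "OriginalFileName": "rclone.exe",
     "Image": r"C:\ProgramData\rclone.exe",
     "CommandLine": r"rclone.exe copy D:\Shares remote:archive"},
    {"Computer": "WS12", "User": r"CORP\jdoe", "OriginalFileName": "winscp.exe",
     "Image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe", "CommandLine": "WinSCP.exe"},
    {"Computer": "FS01", "User": r"CORP\svc_backup", "OriginalFileName": "rclone.exe",
     "Image": r"C:\Users\Public\svcupd.exe",
     "CommandLine": r"svcupd.exe sync E:\Finance remote:out"},
    {"Computer": "WS03", "User": r"CORP\asmith", "OriginalFileName": "NOTEPAD.EXE",
     "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

Legitimate administrative use of these tools is common, so findings are best triaged against an allowlist of expected hosts and service accounts.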
Implications for SAGE Publishing
SAGE Publishing's extensive digital infrastructure and global operations make it a lucrative target for ransomware groups like Akira. The potential release of sensitive financial data and agreements could harm the company's reputation and financial standing. Additionally, the attack underscores the vulnerabilities that even well-established organizations face in the evolving landscape of cyber threats.