Avelina Targeted: Akira Ransomware Attack Exposes Data
Incident Date:
May 28, 2024
Overview
Title
Avelina Targeted: Akira Ransomware Attack Exposes Data
Victim
Avalina
Attacker
Akira
Location
First Reported
May 28, 2024
Ransomware Attack on Avelina by Akira
Company Overview
Avelina is a multinational company in the food industry, with factories located in the United States, Chile, and Venezuela. They specialize in producing and selling high-quality olive oil and other gourmet food products sourced from the Mediterranean region. Avelina offers a range of olive oils, olives, vinegars, and sauces, providing customers with authentic Mediterranean flavors.
Company Size and Standout
With over 1,500 employees across its three factories, Avelina boasts a significant monthly production capacity of 16,500 tons. The company is renowned for its commitment to quality, social responsibility, and various social programs, focusing on human resources, commercial allies, suppliers, and consumers.
Victim Vulnerabilities
Avelina's prominence in the food industry and its extensive network of suppliers and customers make it an attractive target for threat actors like the Akira ransomware group. The company's large size and substantial production capacity may have made it challenging to secure all entry points, enabling the ransomware group to exploit vulnerabilities in their systems.
Attack Overview
The Akira ransomware group targeted Avelina, leaking 36GB of data that included sensitive information such as client and competitor details, financial documents, and personal data. The group employed double extortion tactics, demanding a ransom for decryption and data deletion to pressure the victim into paying.
Ransomware Group Profile
Emerging in March 2023, Akira is a rapidly growing ransomware family targeting small to medium-sized businesses across various sectors. Known for its double extortion tactics and retro 1980s-style dark web leak site, the group continuously adapts its tactics to target organizations effectively.
Attack Penetration
Akira likely infiltrated Avelina's systems through unauthorized access to VPNs, credential theft, and lateral movement to deploy the ransomware. The group may have exploited vulnerabilities in the company's network security, allowing them to exfiltrate data and encrypt systems to demand ransom.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.