Cellular Plus Hit by Akira Ransomware Compromising Sensitive Data

Incident Date: September 5, 2024

Overview

Victim: Cellular Plus

Attacker: Akira

Location: Billings, USA; Montana, USA

First Reported: September 5, 2024

Ransomware Attack on Cellular Plus by Akira Group

Cellular Plus, a prominent Verizon Wireless Authorized Retailer, has recently been targeted by the notorious ransomware group Akira. This attack has compromised a substantial amount of sensitive data, significantly impacting the company's operations and data security.

About Cellular Plus

Founded in 1998 by Adam Kimmet, Cellular Plus operates primarily in the telecommunications sector, focusing on providing personalized customer service and expertise in wireless communication solutions. The company offers a wide range of Verizon products and services, including smartphones, plans, and accessories, catering to both individual and business needs. With over 20 years of experience, Cellular Plus has built a reputation for problem-solving and fast service, ensuring customer satisfaction.

Attack Overview

The ransomware attack orchestrated by Akira has resulted in the compromise of sensitive information, including personal data of 270 employees, accounting and financial records, and certain client files. Additionally, operating system files have been affected. The attackers have threatened to upload the stolen data after Cellular Plus refused to comply with their demands, highlighting the severe impact on the company's operations and data security.

About Akira Ransomware Group

Akira is a ransomware group that emerged in March 2023, quickly establishing itself as a significant threat in the cybersecurity landscape. The group employs a double-extortion model, involving both data encryption and data theft. Akira typically appends the .akira extension to encrypted files and has been associated with tactics similar to those used by the notorious Conti ransomware group. The group targets both Windows and Linux systems, often gaining initial access through compromised credentials, exploiting vulnerabilities in public-facing services, or via phishing attacks.

Penetration and Impact

Akira's penetration into Cellular Plus's systems likely involved exploiting weak multi-factor authentication and known vulnerabilities in VPNs, particularly targeting Cisco devices. The ransomware uses a combination of ChaCha20 and RSA algorithms for file encryption, while also deleting shadow copies to hinder recovery efforts. The extensive data exfiltration and encryption underscore the severe impact on Cellular Plus's operations and data security.
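
As an added example (not from the original report or from any vendor tooling), the following correlates the two Akira behaviours named above, shadow-copy deletion and files renamed with the .akira extension, over constructed endpoint events. The event fields, command-line patterns, host names, time window and rename threshold are all assumptions.

```python
import re
from collections import defaultdict

# Assumption: widely used shadow-copy deletion command lines. The report names
# the behaviour only, not the commands.
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows"
    r"|wmic(\.exe)?\s+shadowcopy\s+delete"
    r"|win32_shadowcopy.*(remove-wmiobject|\.delete\(\))",
    re.IGNORECASE,
)

def find_akira_like_hosts(events, window=600, min_renames=3):
    """Hosts with a shadow-copy deletion and at least min_renames files
    renamed to *.akira within `window` seconds before or after it."""
    deletions, renames = defaultdict(list), defaultdict(list)
    for ev in events:
        if ev["type"] == "process" and SHADOW_DELETE.search(ev["cmdline"]):
            deletions[ev["host"]].append(ev["ts"])
        elif ev["type"] == "rename" and ev["new_name"].lower().endswith(".akira"):
            renames[ev["host"]].append(ev["ts"])
    hits = set()
    for host, times in deletions.items():
        for t in times:
            if sum(abs(r - t) <= window for r in renames[host]) >= min_renames:
                hits.add(host)
    return sorted(hits)

def proc(ts, host, cmdline):
    return {"ts": ts, "host": host, "type": "process", "cmdline": cmdline}

def ren(ts, host, new_name):
    return {"ts": ts, "host": host, "type": "rename", "new_name": new_name}

# Constructed sample telemetry (hypothetical hosts, timestamps in seconds).
SAMPLE_EVENTS = [
    # fs01: deletion followed by a burst of .akira renames -> alert
    proc(100, "fs01", "powershell.exe -Command Get-WmiObject Win32_Shadowcopy | Remove-WmiObject"),
    ren(130, "fs01", r"D:\finance\ledger.xlsx.akira"),
    ren(131, "fs01", r"D:\finance\payroll.csv.akira"),
    ren(133, "fs01", r"D:\hr\staff.docx.AKIRA"),
    # bk01: routine cleanup of old shadows, no renames -> no alert
    proc(50, "bk01", "vssadmin delete shadows /for=C: /oldest"),
    # ws07: one stray .akira file, no deletion -> no alert
    ren(200, "ws07", r"C:\Users\a\notes.akira"),
    # fs02: deletion, but renames fall outside the window -> no alert
    proc(100, "fs02", "wmic shadowcopy delete"),
    ren(5000, "fs02", r"E:\a.akira"), ren(5001, "fs02", r"E:\b.akira"), ren(5002, "fs02", r"E:\c.akira"),
]

if __name__ == "__main__":
    print(find_akira_like_hosts(SAMPLE_EVENTS))
```

Requiring both signals on the same host keeps routine backup maintenance (bk01) and a single stray file (ws07) from alerting on their own.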
