Critical Ransomware Attack on Amino Transport by Akira Group Disrupts Operations

Incident Date: July 15, 2024


Overview

Victim: Amino Transport
Attacker: Akira
Location: Southlake, Texas, USA
First Reported: July 15, 2024

Ransomware Attack on Amino Transport by Akira Group

Overview of Amino Transport

Amino Transport, Inc., established in 1999, is a Third-Party Logistics (3PL) company headquartered in Southlake, Texas, with additional offices in Dallas and San Antonio. The company specializes in providing comprehensive logistics solutions across the United States, Canada, and Mexico. Amino Transport has built a reputation for facilitating the movement of products and managing supply chains for shippers in various industries. The company offers services such as transportation management, carrier partnerships, and customized logistics solutions. Its commitment to high-quality service and innovation has driven significant growth and a nationwide presence.

Details of the Ransomware Attack

On July 16, 2024, Amino Transport fell victim to a ransomware attack orchestrated by the Akira ransomware group. The attack targeted the company's domain, shipamino.com. While the exact size of the data leak remains unknown, the incident highlights the increasing threat of ransomware attacks on critical infrastructure and key industry players. The attack has disrupted Amino Transport's operations, potentially affecting their ability to manage logistics and supply chains effectively.

About the Akira Ransomware Group

Akira is a rapidly growing ransomware family that first emerged in March 2023. The group targets small to medium-sized businesses across various sectors, including government, manufacturing, technology, education, consulting, pharmaceuticals, and telecommunications. Akira is believed to be affiliated with the now-defunct Conti ransomware gang, and the two share code similarities. The group employs double extortion tactics, stealing data before encrypting systems and demanding a ransom for both decryption and data deletion. Akira's ransom demands typically range from $200,000 to over $4 million. The group is known for its unique dark web leak site with a retro 1980s-style interface.

Potential Vulnerabilities and Penetration Methods

Amino Transport's extensive network and reliance on digital systems for logistics management make it a prime target for ransomware attacks. Akira's tactics include unauthorized access to VPNs, credential theft, and lateral movement to deploy ransomware. They have been observed using tools like RClone, FileZilla, and WinSCP for data exfiltration. In some cases, Akira has deployed a previously unreported backdoor, further complicating detection and mitigation efforts. The attack on Amino Transport underscores the importance of robust cybersecurity measures in protecting critical infrastructure and sensitive data.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.