Ransomware Attack on CSG Consultants, Inc. by Akira Group

CSG Consultants, Inc., a prominent civil engineering and municipal services firm based in Foster City, California, has fallen victim to a ransomware attack orchestrated by the notorious Akira group. This incident highlights the ongoing threat posed by ransomware actors to critical infrastructure and service providers.

About CSG Consultants, Inc.

Founded in 1991, CSG Consultants is an employee-owned company specializing in providing a wide array of municipal services exclusively to public agencies. With a workforce of approximately 258 employees and an annual revenue of $15.3 million, the firm has established itself as a leader in civil engineering and project management. CSG's services include building and safety, fire prevention, civil and structural design, construction management, and program modernization. Their commitment to client satisfaction and community service has made them a trusted partner for over 200 communities across California and Nevada.

Attack Overview

The Akira ransomware group claims to have infiltrated CSG Consultants' systems, exfiltrating approximately 15 GB of sensitive data. While the specific nature of the stolen data remains undisclosed, the breach raises significant concerns about data security and operational integrity for the firm. The attack underscores vulnerabilities within the sector, particularly for companies handling critical infrastructure projects.

About Akira Ransomware Group

Emerging in March 2023, Akira has quickly gained notoriety for its sophisticated attack methods and extensive targeting capabilities. The group employs a hybrid encryption scheme combining ChaCha20 and RSA cryptography, and it operates using a double-extortion model. Akira is known for exploiting vulnerabilities in VPN software and using compromised login credentials to gain unauthorized access. The group has been linked to the now-defunct Conti ransomware, sharing similar methodologies and tools.

Potential Vulnerabilities

CSG Consultants' focus on public agency projects may have made them an attractive target for Akira, given the potential impact on critical infrastructure. The firm's extensive involvement in program modernization and organizational change management could present vulnerabilities if not adequately secured. The attack serves as a reminder of the importance of effective cybersecurity measures, particularly for companies in the business services sector.

Sources

• CSG Consultants Services
• Trend Micro: Ransomware Spotlight - Akira
• Check Point: Akira Ransomware
• LinkedIn: CSG Consultants