Cyber Attack on Best Reward Federal Credit Union by Akira Group: A Ransomware Threat to Financial Institutions

Incident Date:

April 15, 2024

Overview

Victim

Best Reward Federal Credit Union

Attacker

Akira

Location

Brook Park, Ohio, USA

First Reported

April 15, 2024

Ransomware Attack on Best Reward Federal Credit Union by Akira Group

Company Overview

Best Reward Federal Credit Union, a member-owned financial cooperative, provides a variety of financial services including loans, deposit rates, and mobile banking solutions. As of mid-2023, it boasts a membership of 12,512 with an average share balance per member of $9,911. The institution is noted for its robust financial health, with a total operating income reaching $4,375,030 in 2022. It is federally insured by the National Credit Union Administration (NCUA) and emphasizes safety, soundness, and transparency in its operations.

Details of the Cyber Attack

The ransomware group Akira, known for its affiliation with the defunct Conti ransomware gang, has targeted Best Reward Federal Credit Union. The attack involved the exfiltration of sensitive data, including financial documents and the personal information of thousands of members: names, Social Security numbers, addresses, email addresses, and phone numbers.

Vulnerabilities and Targeting

The credit union's significant member base and the extensive amount of sensitive financial data it handles make it an attractive target for cybercriminals like the Akira group. Despite its strong financial standing and security measures, the inherent risks associated with handling large volumes of personal and financial data may have contributed to its vulnerability to such sophisticated ransomware attacks.

Akira Ransomware Group Profile

Akira, which emerged in early 2023, has quickly gained notoriety for targeting a wide range of sectors with double extortion tactics. The group steals data before encrypting the victim's systems, then demands ransoms both for decryption and for non-disclosure of the stolen data. Its operations have expanded to include attacks on Linux-based VMware ESXi virtual machines, showing its adaptability and increasing threat level.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups and their victims. Given threat actors' lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.