Electroalfa Hit by Akira Ransomware: 10GB Data Stolen

Incident Date: July 24, 2024


Overview

Title: Electroalfa Hit by Akira Ransomware: 10GB Data Stolen
Victim: Electroalfa
Attacker: Akira
Location: Botosani, Romania
First Reported: July 24, 2024

Ransomware Attack on Electroalfa by Akira Group

Overview of Electroalfa

Electroalfa, a prominent Romanian company, operates in the manufacturing sector with a specialization in electrical engineering. The company is divided into three primary business units: Electrical Equipment, Steel Fabricated Parts, and EPC (Engineering, Procurement, and Construction) Contractor services. Electroalfa is known for its commitment to quality and innovation, which has established it as a significant player in the industry. The company employs a substantial workforce and has multiple factories and sales branches, although specific figures are not disclosed.

Details of the Attack

Electroalfa has recently fallen victim to a ransomware attack orchestrated by the Akira ransomware group. The cybercriminals have reportedly exfiltrated 10 GB of sensitive data, including project information, client details, and comprehensive personal information of employees. This breach underscores significant vulnerabilities within Electroalfa's cybersecurity infrastructure, highlighting the critical need for enhanced protective measures.

About the Akira Ransomware Group

Akira is a rapidly growing ransomware family that first emerged in March 2023. The group targets small to medium-sized businesses across various sectors, including manufacturing, government, technology, and more. Akira is believed to be affiliated with the now-defunct Conti ransomware gang, sharing similarities in their code. The group employs double extortion tactics, stealing data before encrypting systems and demanding a ransom for both decryption and data deletion. Their ransom demands typically range from $200,000 to over $4 million.

Distinguishing Features of Akira

Akira's dark web leak site features a retro 1980s-style green-on-black interface, requiring victims to navigate by typing commands. The group uses unauthorized access to VPNs, credential theft, and lateral movement to deploy ransomware. Tools like RClone, FileZilla, and WinSCP are used for data exfiltration. In some cases, Akira has deployed a previously unreported backdoor. As of January 2024, Akira has claimed over 250 victims and $42 million in ransomware proceeds.

Potential Vulnerabilities and Penetration Methods

The Akira ransomware group likely penetrated Electroalfa's systems through unauthorized access to VPNs and credential theft. The company's significant size and extensive operations across multiple sectors may have contributed to its vulnerability. The attack highlights the importance of robust cybersecurity measures, including regular updates, employee training, and advanced threat detection systems.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups and their victims. Given threat actors' lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.