FGP Hit by Akira Ransomware: 32GB of Sensitive Data Compromised

Incident Date: July 31, 2024

Overview

Victim: Find Great People (FGP)

Attacker: Akira

Location: Greenville, South Carolina, USA

First Reported: July 31, 2024

Ransomware Attack on Find Great People (FGP) by Akira Group

Find Great People (FGP), a prominent talent acquisition and human resources consulting firm, has recently fallen victim to a ransomware attack orchestrated by the Akira group. This breach has compromised approximately 32GB of sensitive data, including confidentiality agreements, confidential client data, and employment documents containing comprehensive personal information. The attack poses significant risks to the privacy and security of FGP's clients and employees, potentially leading to severe legal and financial repercussions for the firm.

About Find Great People (FGP)

FGP is a well-established firm in the Business Services sector, specializing in staffing solutions, executive search, and HR consulting. Founded over four decades ago, the company has evolved from a niche executive search firm into a comprehensive provider of staffing, search, and consulting solutions. FGP operates under the guiding principles of "Great, Growth, and Gratitude," which drive its operations and culture. The firm has a significant presence with multiple offices in Greenville, Columbia, Charleston, and Nashville, employing a diverse workforce to meet client needs.

What Makes FGP Stand Out

FGP is recognized for its commitment to connecting exceptional talent with organizations seeking to build strong teams. The firm is particularly noted for its executive search capabilities and its dedication to supporting veterans transitioning into civilian careers. FGP's culture emphasizes gratitude and a people-first approach, fostering deep connections within the community and with clients and candidates alike. This commitment is reflected in their employee satisfaction and community involvement, with many employees actively participating in charitable initiatives.

Vulnerabilities and Attack Overview

FGP's extensive handling of sensitive data, including personal and confidential client information, makes it a prime target for ransomware groups like Akira. The attack on FGP involved the compromise of approximately 32GB of sensitive data, which was then encrypted and held for ransom. The breach highlights the vulnerabilities in FGP's cybersecurity measures, particularly in protecting against unauthorized access and data exfiltration.

About the Akira Ransomware Group

Akira is a rapidly growing ransomware family that first emerged in March 2023. The group targets small to medium-sized businesses across various sectors, including government, manufacturing, technology, education, consulting, pharmaceuticals, and telecommunications. Akira is believed to be affiliated with the now-defunct Conti ransomware gang, sharing similarities in their code. The group uses double extortion tactics, stealing data before encrypting systems and demanding a ransom for both decryption and data deletion. Akira's ransom demands typically range from $200,000 to over $4 million.

Penetration Tactics

Akira's tactics include unauthorized access to VPNs, credential theft, and lateral movement to deploy the ransomware. They have been observed using tools like RClone, FileZilla, and WinSCP for data exfiltration. In some cases, Akira has deployed a previously unreported backdoor. The group's unique dark web leak site features a retro 1980s-style green-on-black interface that victims must navigate by typing commands.
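
A defender can turn the tool list above into a process-creation detection. The sketch below is an added example, not part of the original report: the event field names, the approved-host list and the sample events are constructed assumptions, and `original_name` is assumed to carry the file name recorded in the binary's version resource so that renamed copies are still caught.

```python
import ntpath

# Exfiltration tools named on this page, keyed by lower-cased file name.
EXFIL_TOOLS = {"rclone.exe": "RClone", "filezilla.exe": "FileZilla", "winscp.exe": "WinSCP"}
# Assumption: (host, tool) pairs the organisation has approved for routine use.
APPROVED = {("WS12", "WinSCP")}
INSTALL_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\")

# Constructed process-creation events. Field names are hypothetical; "original_name"
# is assumed to carry the file name recorded in the binary's version resource.
SAMPLE_EVENTS = [
    {"host": "FS01", "image": r"C:\Users\Public\rclone.exe", "original_name": "rclone.exe"},
    {"host": "FS01", "image": r"C:\ProgramData\svchost.exe", "original_name": "rclone.exe"},
    {"host": "WS12", "image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe", "original_name": "winscp.exe"},
    {"host": "WS12", "image": r"C:\Windows\System32\notepad.exe", "original_name": "notepad.exe"},
]

def classify(event):
    """Return an alert dict if the event is one of the listed tools, else None."""
    image = event["image"].lower()
    base = ntpath.basename(image)
    original = event.get("original_name", "").lower()
    tool = EXFIL_TOOLS.get(original) or EXFIL_TOOLS.get(base)
    if tool is None:
        return None
    reasons = []
    if original in EXFIL_TOOLS and base != original:
        reasons.append("renamed binary")
    if not image.startswith(INSTALL_DIRS):
        reasons.append("outside standard install directory")
    if (event["host"], tool) not in APPROVED:
        reasons.append("host not approved for this tool")
    severity = "high" if "renamed binary" in reasons else "medium" if reasons else "info"
    return {"host": event["host"], "tool": tool, "severity": severity, "reasons": reasons}

def detect(events):
    """Keep only alerts that need analyst attention (medium and high)."""
    alerts = [classify(e) for e in events]
    return [a for a in alerts if a and a["severity"] != "info"]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Because these are legitimate administration tools, the approved-host list keeps expected use at informational level while copies that are renamed or run from unusual paths are escalated.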
