Healthcare Architectural Firm Hit by Akira Ransomware Attack

Incident Date: June 3, 2024

Overview

Victim: Anderson Mikos Architects Ltd.

Attacker: Akira

Location: Oak Brook, Illinois, USA

First Reported: June 3, 2024

Ransomware Attack on Anderson Mikos Architects Ltd. by Akira Group

Overview of Anderson Mikos Architects Ltd.

Anderson Mikos Architects Ltd. is a professional architectural firm specializing in healthcare design. The company, based in Oak Brook, Illinois, employs 35 people and generates $6 million in revenue. It focuses on creating environments that enhance the well-being of patients, staff, and visitors through a client-centered approach and evidence-based design principles. Its services include the design of hospitals, outpatient clinics, medical office buildings, and specialized treatment centers.

Details of the Ransomware Attack

On June 3, 2024, the Akira ransomware group executed an attack on Anderson Mikos Architects Ltd., resulting in the leak of approximately 15 GB of sensitive data. The compromised files include HR information, financial data, accounting records, and project-related documents. This breach highlights the vulnerabilities of small to medium-sized businesses in the healthcare sector, which often handle sensitive and valuable data.

About the Akira Ransomware Group

Akira is a rapidly growing ransomware family that emerged in March 2023. The group targets small to medium-sized businesses across various sectors, including healthcare, using double extortion tactics. Akira's ransom demands typically range from $200,000 to over $4 million. The group is known for its unique dark web leak site with a retro 1980s-style interface and has claimed over 250 victims and $42 million in ransomware proceeds as of January 2024.

Penetration Tactics

Akira employs various tactics to penetrate systems, including unauthorized access to VPNs, credential theft, and lateral movement. They use tools like RClone, FileZilla, and WinSCP for data exfiltration and have been observed deploying a previously unreported backdoor. The group's ability to adapt and target both Windows and Linux-based VMware ESXi virtual machines makes them a significant threat.
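
For defenders, the exfiltration tools named above can be hunted for in process-creation logs. The following is an added example, not part of the original report: the event fields (host, image, cmdline), the function names and the sample events are assumptions constructed for illustration, and the renamed-binary rule is a heuristic that will need tuning against local baselines.

```python
import json
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Tools the report names as Akira exfiltration utilities.
EXFIL_TOOLS = {
    "rclone.exe": "RClone",
    "filezilla.exe": "FileZilla",
    "winscp.exe": "WinSCP",
    "winscp.com": "WinSCP",
}

# rclone addresses storage as "remote:path". Requiring two or more characters
# before the colon keeps Windows drive letters (C:\...) from matching.
RCLONE_TRANSFER = re.compile(r"\b(copy|sync|move)\b.*\s[A-Za-z0-9_-]{2,}:\S*", re.I)

def classify(event):
    """Return (tool, reason) for one process-creation event, or None."""
    name = PureWindowsPath(event["image"]).name.lower()
    if name in EXFIL_TOOLS:
        return EXFIL_TOOLS[name], "binary name"
    # A renamed rclone still needs a transfer verb and a remote destination.
    if RCLONE_TRANSFER.search(event["cmdline"]):
        return "RClone", "renamed binary, rclone-style arguments"
    return None

def hunt(lines):
    """Group hits by host so each machine is triaged once."""
    hits = defaultdict(list)
    for line in lines:
        event = json.loads(line)
        verdict = classify(event)
        if verdict:
            hits[event["host"]].append(verdict)
    return dict(hits)

# Constructed sample events (hypothetical hosts and paths, not from the incident).
SAMPLE = [json.dumps(e) for e in (
    {"host": "WS-01", "image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe",
     "cmdline": "WinSCP.exe"},
    {"host": "FS-02", "image": r"C:\ProgramData\svchost32.exe",
     "cmdline": r"svchost32.exe copy D:\Projects remote1:backup"},
    {"host": "WS-03", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c copy C:\Reports\q2.xlsx D:\Backup"},
)]

if __name__ == "__main__":
    for host, found in hunt(SAMPLE).items():
        print(host, found)
```

A hit on a host where these tools are not part of normal administration is a lead to correlate with outbound transfer volume, not proof of exfiltration on its own.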

Vulnerabilities and Impact

Anderson Mikos Architects Ltd.'s focus on healthcare design makes them a prime target for ransomware groups like Akira, given the sensitive nature of the data they handle. The attack underscores the importance of robust cybersecurity measures, especially for firms dealing with critical sectors such as healthcare.
