Imedi L Targeted: A Closer Look at the Akira Ransomware Attack

Incident Date: May 2, 2024

Overview

Victim: Imedi L

Attacker: Akira

Location: Tbilisi, Georgia

First Reported: May 2, 2024

Ransomware Attack on Imedi L by Akira Group

Company Profile

Imedi L, officially known as Imedi L JSC, is a prominent health and travel insurance provider based in Tbilisi, Georgia. The company is a key player in the Georgian insurance market, offering a range of insurance products designed to meet the diverse needs of its clientele. Imedi L's services include coverage for medical expenses, trip cancellations, and other travel-related risks, alongside comprehensive health insurance solutions. The company's operations are enhanced by its use of modern technologies, including digital platforms for policy management and customer engagement. Imedi L's commitment to quality and customer-centric products makes it a distinguished entity in Georgia's insurance sector.

Details of the Cyberattack

The Akira ransomware group, known for its affiliation with the defunct Conti ransomware gang, has claimed responsibility for a cyberattack on Imedi L. According to reports, the group has exfiltrated approximately 18 GB of sensitive data. This data includes signed agreements, personal identification documents, accounting records, and detailed financial transactions. Akira's modus operandi involves double extortion tactics, where they not only encrypt the victim's data but also threaten to release it publicly if their ransom demands are not met. The group's approach to targeting Imedi L likely involved sophisticated techniques such as exploiting vulnerabilities in VPNs, credential theft, and lateral movement within the network.

Vulnerabilities and Security Insights

Imedi L's reliance on digital technologies, while beneficial for operational efficiency, may also have exposed the company to increased cybersecurity risks. The insurance sector's dependency on large volumes of personal and financial data makes it an attractive target for ransomware groups like Akira. The specific vulnerabilities exploited in this attack have not been disclosed. However, common entry points for such attacks include phishing, inadequate endpoint defenses, and unpatched systems. Imedi L's cybersecurity posture prior to the attack and the specifics of its network defense mechanisms remain critical areas for review to prevent future incidents.
