Imetame Group Hit by Major Akira Ransomware Attack

Incident Date: September 5, 2024

Overview

Victim: Imetame

Attacker: Akira

Location: Aracruz, Brazil

First Reported: September 5, 2024

Imetame Group Falls Victim to Akira Ransomware Attack

Imetame Group, a diversified Brazilian company with operations spanning metalworking, ornamental stones, port services, energy, and oil & gas, has recently been targeted by the notorious Akira ransomware group. The attack has resulted in the exfiltration of approximately 20 GB of highly sensitive data, including personal employee information, client data, project details, contact information, and financial files.

About Imetame Group

Established in 1980, Imetame Group has grown into a significant player in various industries. The company operates through several key sectors, including metalworking, ornamental stones, port operations, and energy. Imetame is known for its commitment to sustainable practices and socio-environmental responsibility, which is reflected in its business operations and community initiatives. The company’s extensive portfolio and diversified operations make it a standout in the Brazilian industrial landscape.

Attack Overview

The Akira ransomware group has claimed responsibility for the attack on Imetame Group via their dark web leak site. The breach has exposed detailed personal data of employees, including scans, as well as client data, project details, contact information, and financial files. The scope of the leaked data underscores the extensive operational footprint of Imetame Group across multiple industries, highlighting the potential for significant operational and reputational damage.

About Akira Ransomware Group

Akira is a ransomware group that emerged in March 2023 and has quickly established itself as a significant threat in the cybersecurity landscape. The group employs a double-extortion model, involving both data encryption and data theft. Akira ransomware typically appends the .akira extension to encrypted files and has been linked to over 250 attacks, resulting in approximately $42 million in ransom payments. The group is known for targeting organizations in various sectors, including manufacturing, education, finance, and healthcare.

Penetration and Vulnerabilities

Akira ransomware is capable of targeting both Windows and Linux systems, including VMware ESXi virtual machines. Initial access is often gained through compromised credentials, exploitation of vulnerabilities in public-facing services, or phishing attacks. In the case of Imetame Group, the ransomware group likely exploited weak multi-factor authentication (MFA) and known vulnerabilities in VPNs, particularly targeting Cisco devices. The attackers then used RDP, PowerShell, and credential-dumping tools to move through the network, exfiltrating data before encryption.
