IPM Group Hit by Akira Ransomware, 50GB of Data Compromised
Incident Date:
June 12, 2024
Overview
Title
IPM Group Hit by Akira Ransomware, 50GB of Data Compromised
Victim
IPM Group (Multimedia Information & Production Company)
Attacker
Akira
Location
First Reported
June 12, 2024
Ransomware Attack on IPM Group by Akira
Overview of IPM Group
IPM Group, a prominent Belgian media and internet services company, specializes in creating, managing, and distributing multimedia content. Founded in 1991 and headquartered in Etterbeek, Belgium, the company employs 156 people and operates major brands such as La Libre Belgique, La DH-Les Sports, and Paris Match Belgique. IPM Group excels in video and audio production, graphic design, digital marketing, and content management, making it a key player in the French-speaking Belgian media market.
Details of the Attack
On June 13, 2024, IPM Group fell victim to a ransomware attack by the Akira group. The attack resulted in a data breach involving 50GB of sensitive information. Akira, known for its double extortion tactics, likely exfiltrated data before encrypting IPM Group's systems, demanding a ransom for both decryption and data deletion.
About Akira Ransomware Group
Akira is a rapidly growing ransomware family that emerged in March 2023. The group targets small to medium-sized businesses across various sectors, including media, using double extortion tactics. Akira's ransom demands range from $200,000 to over $4 million. The group is known for its retro 1980s-style dark web leak site and sophisticated methods, including unauthorized VPN access and credential theft.
Vulnerabilities and Penetration
IPM Group's extensive digital operations and reliance on multimedia content make it a lucrative target for ransomware groups like Akira. The company's integration of various media platforms, including print, internet, mobile media, and radio, presents multiple entry points for cyber attackers. Akira likely exploited vulnerabilities in IPM Group's network, possibly through unauthorized VPN access or credential theft, to deploy their ransomware.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.