Jinny Corporation Hit by Akira Ransomware: 400GB Data Compromised

Incident Date: August 21, 2024

Overview

Victim: Jinny Corporation

Attacker: Akira

Location: Atlanta, USA; Georgia, USA

First Reported: August 21, 2024

Ransomware Attack on Jinny Corporation by Akira Group

About Jinny Corporation

Founded in 1981 and headquartered in Doraville, Georgia, Jinny Corporation, also known as Jinny Beauty Supply, is recognized as the largest distributor of health and beauty aid products globally. The company operates nine locations across the United States, with a total warehouse space exceeding 1.5 million square feet. Jinny Corporation offers an extensive inventory of over 60,000 stock-keeping units (SKUs) from more than 400 domestic and international manufacturers. The company reported an annual revenue of approximately $500 million in 2023 and employs around 72 individuals.

Jinny Corporation stands out in the beauty supply sector due to its vast selection of products, extensive distribution network, and strong focus on multicultural beauty needs. The company’s operational efficiency, with a high in-stock ratio of about 94% and an order processing accuracy of 98.9%, allows it to offer next-day delivery services, enhancing customer satisfaction and supporting business partners effectively.

Attack Overview

The Akira ransomware group, which emerged in March 2023, has claimed responsibility for the attack on Jinny Corporation. The group is known for targeting small to medium-sized businesses across various sectors, including retail, government, manufacturing, technology, education, consulting, pharmaceuticals, and telecommunications. Akira employs double extortion tactics, stealing data before encrypting systems and demanding a ransom for both decryption and data deletion.

In this attack, Akira claims to have accessed 400 GB of Jinny Corporation's data. The breach poses significant risks to the privacy and security of the company's employees and business operations. The stolen data includes personal employee information, confidential files, financial and accounting records, numerous NDAs, and other sensitive research-related information.

About Akira Ransomware Group

Akira is a rapidly growing ransomware family believed to be affiliated with the now-defunct Conti ransomware gang. The group distinguishes itself with a unique dark web leak site featuring a retro 1980s-style green-on-black interface. Akira's ransom demands typically range from $200,000 to over $4 million. The group uses unauthorized access to VPNs, credential theft, and lateral movement to deploy ransomware. They have also been observed using tools like RClone, FileZilla, and WinSCP for data exfiltration and have expanded operations to target Linux-based VMware ESXi virtual machines in addition to Windows systems.

As of January 2024, Akira has claimed over 250 victims and $42 million in ransomware proceeds, making it a significant and rapidly evolving ransomware threat.
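
As an added example (not part of the original report), the following is a minimal triage pass over process-creation events for the three transfer tools named in this section. Field names follow Sysmon Event ID 1; the allowlisted account, the directory list, the OriginalFileName values, and the sample events are constructed assumptions.

```python
import ntpath

# Tools the page names as used for exfiltration, keyed by lowercase file name.
EXFIL_TOOLS = {"rclone.exe": "RClone", "winscp.exe": "WinSCP",
               "winscp.com": "WinSCP", "filezilla.exe": "FileZilla"}
# Hypothetical allowlist: accounts expected to run file-transfer tools.
ALLOWED_USERS = {"CORP\\svc-backup"}
# Assumed user-writable locations where admin tools are not normally installed.
UNUSUAL_DIRS = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")

def classify(event):
    """Return a finding dict for one process-creation event, or None."""
    image = event.get("Image", "")
    name = ntpath.basename(image).lower()
    original = event.get("OriginalFileName", "").lower()
    # Match on PE metadata too, so the check does not rely on file name alone.
    tool = EXFIL_TOOLS.get(name) or EXFIL_TOOLS.get(original)
    if tool is None:
        return None
    reasons = []
    if name not in EXFIL_TOOLS:
        reasons.append("file name does not match PE metadata")
    if event.get("User") not in ALLOWED_USERS:
        reasons.append("account not on allowlist")
    if any(d in image.lower() for d in UNUSUAL_DIRS):
        reasons.append("runs from user-writable path")
    severity = "high" if len(reasons) >= 2 else "medium" if reasons else "info"
    return {"host": event.get("Computer"), "tool": tool,
            "severity": severity, "reasons": reasons}

def find_exfil_tool_runs(events):
    return [f for f in map(classify, events) if f]

# Constructed sample events (not taken from the incident).
SAMPLE_EVENTS = [
    {"Computer": "FS01", "User": "CORP\\svc-backup",
     "Image": "C:\\Program Files\\rclone\\rclone.exe",
     "OriginalFileName": "rclone.exe"},
    {"Computer": "WS17", "User": "CORP\\jdoe",
     "Image": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\sync.exe",
     "OriginalFileName": "rclone.exe"},
    {"Computer": "WS22", "User": "CORP\\asmith", "OriginalFileName": "winscp.exe",
     "Image": "C:\\Program Files (x86)\\WinSCP\\WinSCP.exe"},
    {"Computer": "WS22", "User": "CORP\\asmith", "OriginalFileName": "NOTEPAD.EXE",
     "Image": "C:\\Windows\\System32\\notepad.exe"},
]

if __name__ == "__main__":
    for finding in find_exfil_tool_runs(SAMPLE_EVENTS):
        print(finding)
```

An expected backup job stays at "info", while the same tool launched by an unlisted account from a user profile directory is raised to "high" for review.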

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups, and their victims. Given threat actors' lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on the hosting choices of real-world threat actors and a handful of other trackers. While sanitization efforts have been made, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA, you acknowledge you are doing so at your own risk.