Mahindra Racing UK Limited Hit by Akira Ransomware Attack
Incident Date:
June 4, 2024
Overview
Title
Mahindra Racing UK Limited Hit by Akira Ransomware Attack
Victim
Mahindra Racing UK Limited
Attacker
Akira
Location
First Reported
June 4, 2024
Ransomware Attack on Mahindra Racing UK Limited by Akira Group
Overview of Mahindra Racing UK Limited
Mahindra Racing UK Limited, a medium-sized company based in London, England, is a prominent player in the electric vehicle motorsport sector. The company, incorporated in 2014, focuses on designing, building, and optimizing high-performance electric race cars for the ABB FIA Formula E World Championship. With a turnover of £18M in 2022 and employing between 50 to 250 employees, Mahindra Racing is dedicated to sustainability and innovation in electric mobility.
Details of the Ransomware Attack
The Akira ransomware group has claimed responsibility for a significant cyberattack on Mahindra Racing UK Limited. The attack compromised 114GB of sensitive data, including information on pilots and employees, financial statements, accounting details, NDAs, and car setups. The breach highlights the vulnerabilities in Mahindra Racing's cybersecurity defenses, making them a target for sophisticated threat actors.
About the Akira Ransomware Group
Akira is a rapidly growing ransomware family that emerged in March 2023. The group is known for targeting small to medium-sized businesses across various sectors, including transportation. Akira employs double extortion tactics, stealing data before encrypting systems and demanding ransoms ranging from $200,000 to over $4 million. The group uses a unique dark web leak site with a retro 1980s-style interface for victims to navigate.
Penetration Tactics and Techniques
The group's operators gain unauthorized access through VPNs, credential theft, and lateral movement within networks. They utilize tools like RClone, FileZilla, and WinSCP for data exfiltration. In some instances, Akira has deployed a previously unreported backdoor. The group's ability to adapt and target both Windows and Linux-based VMware ESXi virtual machines underscores their evolving threat landscape.
Impact on Mahindra Racing
The ransomware attack on Mahindra Racing UK Limited not only jeopardizes sensitive data but also poses a significant threat to their operations and reputation. As a leader in electric vehicle motorsport, the breach could have far-reaching implications for their ongoing projects and collaborations aimed at promoting sustainability and innovation in the automotive industry.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.