Marigin AG Hit by Akira Ransomware Attack
Incident Date: May 20, 2024
Overview
Victim: Marigin AG
Attacker: Akira
Location:
First Reported: May 20, 2024
Company Profile: Marigin AG
Marigin AG, a prominent veterinary clinic headquartered in Feusisberg, Switzerland, offers a range of services for animals including dogs, cats, small animals, and exotics. Established in 2008, the clinic provides advanced medical and surgical treatments, boarding facilities, and specialized services such as MRI, CT, and X-ray scans. Known for its state-of-the-art facilities and 24/7 emergency services, Marigin AG has built a reputation for comprehensive pet care.
Overview of the Attack
In June 2024, Marigin AG became a victim of a ransomware attack by the notorious Akira group. The cybercriminals exfiltrated 60 GB of data, including sensitive client and employee information as well as operational details. The attack was significant given the clinic's extensive database and the critical nature of its services.
Details of the Akira Ransomware Group
The Akira ransomware group emerged in March 2023 and has quickly become a major threat, targeting over 250 organizations and amassing approximately $42 million in ransom payments. Akira's operations span various sectors including healthcare, government, manufacturing, and education, with a notable focus on small- to medium-sized businesses in Europe, North America, and Australia.
Akira is believed to have links to the now-defunct Conti ransomware gang, sharing similar code and tactics. The group employs double extortion methods, stealing data before encrypting systems and demanding ransoms for both decryption and non-disclosure. Their ransom demands range from $200,000 to over $4 million.
Attack Tactics and Techniques
Akira ransomware operators often gain initial access through compromised VPN credentials or by exploiting vulnerabilities in VPN software. Once inside the network, they use tools like RClone, FileZilla, and WinSCP for data exfiltration. The group is also known for disabling security defenses to avoid detection and maintaining persistence using tools like AnyDesk and custom-made Trojans.
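For defenders, the tools named above can be turned into a simple triage rule. The following is an added example, not part of the original report: it scans process-creation events for those tool names and ranks a host higher when both a transfer tool and a remote-access tool appear on it. The event format, field names (`host`, `user`, `image`) and sample records are constructed assumptions.

```python
import json
from collections import defaultdict
from pathlib import PureWindowsPath

# Tools named in the paragraph above, with the role the text assigns to each.
TOOL_ROLES = {
    "rclone.exe": "exfiltration",
    "filezilla.exe": "exfiltration",
    "winscp.exe": "exfiltration",
    "anydesk.exe": "persistence",
}

# Constructed sample events, one JSON object per line (field names are assumed).
SAMPLE_EVENTS = r"""
{"host": "FS01", "user": "svc_backup", "image": "C:\\Users\\Public\\AnyDesk.exe"}
{"host": "FS01", "user": "svc_backup", "image": "C:\\ProgramData\\rclone.exe"}
{"host": "WS07", "user": "it.admin", "image": "C:\\Program Files (x86)\\WinSCP\\WinSCP.exe"}
{"host": "WS09", "user": "reception", "image": "C:\\Windows\\System32\\svchost.exe"}
"""


def classify(event):
    """Return (tool, role) when the process image is a named tool, else None."""
    tool = PureWindowsPath(event["image"]).name.lower()
    role = TOOL_ROLES.get(tool)
    return (tool, role) if role else None


def triage(log_text):
    """Group matches per host; both roles on one host is ranked 'high'."""
    seen = defaultdict(lambda: {"tools": set(), "roles": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        match = classify(event)
        if match:
            seen[event["host"]]["tools"].add(match[0])
            seen[event["host"]]["roles"].add(match[1])
    return {
        host: {
            "severity": "high" if len(data["roles"]) == 2 else "review",
            "tools": sorted(data["tools"]),
        }
        for host, data in seen.items()
    }


if __name__ == "__main__":
    for host, finding in triage(SAMPLE_EVENTS).items():
        print(host, finding)
```

All four tools have legitimate administrative uses, and matching on file name alone misses renamed binaries, so treat the output as a starting point for review against an inventory of approved software.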
The group's shift in tactics includes the deployment of a Linux variant targeting VMware ESXi virtual machines, expanding their attack surface significantly. Akira typically leaves no initial ransom demand on compromised networks, instead contacting victims directly to negotiate payments in Bitcoin.
Implications and Industry Impact
The attack on Marigin AG highlights the vulnerabilities within the healthcare sector, particularly for organizations heavily reliant on technology and sensitive data. The breach underscores the importance of robust cybersecurity measures, including multifactor authentication, regular software updates, and vigilant monitoring for unusual activities.