Marigin AG Hit by Akira Ransomware Attack

Company Profile: Marigin AG

Marigin AG, a prominent veterinary clinic headquartered in Feusisberg, Switzerland, offers a range of services for animals including dogs, cats, small animals, and exotics. Established in 2008, the clinic provides advanced medical and surgical treatments, boarding facilities, and specialized services such as MRI, CT, and X-ray scans. Known for its state-of-the-art facilities and 24/7 emergency services, Marigin AG has built a reputation for comprehensive pet care.

Overview of the Attack

In June 2024, Marigin AG became a victim of a ransomware attack by the notorious Akira group. The cybercriminals exfiltrated 60 GB of data, including sensitive client and employee information as well as operational details. The attack was significant given the clinic's extensive database and the critical nature of its services.

Details of the Akira Ransomware Group

The Akira ransomware group emerged in March 2023 and has quickly become a major threat, targeting over 250 organizations and amassing approximately $42 million in ransom payments. Akira's operations span various sectors including healthcare, government, manufacturing, and education, with a notable focus on small- to medium-sized businesses in Europe, North America, and Australia.

Akira is believed to have links to the now-defunct Conti ransomware gang, sharing similar code and tactics. The group employs double extortion methods, stealing data before encrypting systems and demanding ransoms for both decryption and non-disclosure. Their ransom demands range from $200,000 to over $4 million.

Attack Tactics and Techniques

Akira ransomware operators often gain initial access through compromised VPN credentials or by exploiting vulnerabilities in VPN software. Once inside the network, they use tools like RClone, FileZilla, and WinSCP for data exfiltration. The group is also known for disabling security defenses to avoid detection and maintaining persistence using tools like AnyDesk and custom-made Trojans.

The group's shift in tactics includes the deployment of a Linux variant targeting VMware ESXi virtual machines, expanding their attack surface significantly. Akira typically leaves no initial ransom demand on compromised networks, instead contacting victims directly to negotiate payments in Bitcoin.

Implications and Industry Impact

The attack on Marigin AG highlights the vulnerabilities within the healthcare sector, particularly for organizations heavily reliant on technology and sensitive data. The breach underscores the importance of robust cybersecurity measures, including multifactor authentication, regular software updates, and vigilant monitoring for unusual activities.

Sources

• SC Media: Akira ransomware group's changing tactics
• The Record: Akira ransomware gang made $42 million from 250 attacks since March 2023
• Bleeping Computer: FBI: Akira ransomware raked in $42 million from 250+ victims