Ocasa Hit by Akira Ransomware: Impact on Logistics and Data Security

Incident Date: June 27, 2024

Victim: Ocasa

Attacker: Akira

Location: Buenos Aires, Argentina

First Reported: June 27, 2024

Ransomware Attack on Ocasa by Akira Group

Overview of Ocasa

Ocasa Inc. is a prominent logistics and supply chain management company headquartered in Miami, Florida. Founded in 1982, Ocasa has over 39 years of experience in providing comprehensive logistics solutions, particularly for the life sciences industry. The company employs between 1,000 and 4,999 people and operates major distribution centers in La Plata, Sarandí, and Avellaneda. Ocasa's services include transportation, warehousing, inventory management, and last-mile delivery, leveraging advanced technology and data analytics to enhance efficiency and reduce costs.

What Makes Ocasa Stand Out

Ocasa is known for its expertise in managing the end-to-end transportation process, including both domestic and international shipping. Their robust warehousing solutions feature state-of-the-art technology for effective inventory management. Ocasa excels in last-mile delivery, a critical component of the supply chain, especially in the e-commerce sector. Their use of sophisticated tracking and monitoring systems provides real-time updates on shipment status, ensuring transparency and operational efficiency.

Vulnerabilities and Targeting by Threat Actors

Despite their advanced technological infrastructure, Ocasa's extensive network and reliance on digital systems make them vulnerable to cyberattacks. The company's role in delivering sensitive items such as credit and debit cards, driver's licenses, and other parcels makes them an attractive target for ransomware groups like Akira. The potential exposure of personal data of Argentine citizens who received deliveries through Ocasa further heightens the risk.

Details of the Ransomware Attack

Ocasa recently fell victim to a ransomware attack by the Akira ransomware group, which took its website offline. The attack involved encrypting data and demanding a ransom in cryptocurrency. Initially, Ocasa did not comment on the operational impact, but later released a statement acknowledging the cyberattack and the activation of their security protocol. They assured that, based on their initial assessment, no data breaches had occurred and that they were taking necessary measures to protect their operations and information security. IT teams have been working to recover affected information, with the website still down at the time of the report.

Impact on Ocasa and Its Partners

The ransomware attack also impacted other companies within the Ocasa group, including Direxa, which offers custom logistics solutions. Ocasa's strategic partners, such as Staples and Brandlive, were also mentioned in the context of the attack. The disruption of Ocasa's operations has raised concerns about the potential exposure of personal data and the overall impact on their logistics services.

Profile of the Akira Ransomware Group

Akira is a new and rapidly growing ransomware family that first emerged in March 2023. The group targets small to medium-sized businesses across various sectors, including government, manufacturing, technology, education, consulting, pharmaceuticals, and telecommunications. Akira operators use double extortion tactics, stealing data from victims before encrypting their systems and demanding a ransom for both decryption and data deletion. Their ransom demands typically range from $200,000 to over $4 million.

Distinguishing Features of Akira

Akira's dark web leak site features a retro 1980s-style green-on-black interface that victims must navigate by typing commands. The group employs tactics such as unauthorized access to VPNs, credential theft, and lateral movement to deploy the ransomware. They have been observed using tools like RClone, FileZilla, and WinSCP for data exfiltration. In some cases, Akira has deployed a previously unreported backdoor. As of January 2024, the group has claimed over 250 victims and $42 million in ransomware proceeds.
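Detection logic for the exfiltration tooling named above, as an added example that is not part of the original report: it scans process-creation events for RClone, FileZilla and WinSCP, including copies renamed on disk. The event layout (simplified Sysmon Event ID 1 fields), host names, users, paths and the allowlist are constructed assumptions.

```python
from pathlib import PureWindowsPath

# File-transfer tools the report names as used by Akira for exfiltration.
EXFIL_TOOLS = {"rclone.exe", "filezilla.exe", "winscp.exe"}

# Assumption: hosts where a tool is sanctioned (here, one admin workstation).
ALLOWLIST = {("WS12", "winscp.exe")}

# Constructed sample events, shaped like simplified Sysmon Event ID 1 records.
SAMPLE_EVENTS = [
    {"Computer": "FS01", "User": r"CORP\svc_backup",
     "Image": r"C:\ProgramData\rclone.exe", "OriginalFileName": "rclone.exe"},
    {"Computer": "FS01", "User": r"CORP\svc_backup",
     "Image": r"C:\Users\Public\svchost.exe", "OriginalFileName": "rclone.exe"},
    {"Computer": "WS12", "User": r"CORP\it_admin",
     "Image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe",
     "OriginalFileName": "winscp.exe"},
    {"Computer": "WS07", "User": r"CORP\jdoe",
     "Image": r"C:\Windows\System32\notepad.exe",
     "OriginalFileName": "NOTEPAD.EXE"},
]


def classify(event, allowlist=frozenset()):
    """Return a finding dict for a transfer-tool execution, else None."""
    image = PureWindowsPath(event["Image"]).name.lower()
    original = event.get("OriginalFileName", "").lower()
    # The on-disk name is attacker-controlled; the PE version-info name
    # (OriginalFileName) survives a simple rename, so check both.
    if image in EXFIL_TOOLS:
        tool, renamed = image, False
    elif original in EXFIL_TOOLS:
        tool, renamed = original, True
    else:
        return None
    sanctioned = not renamed and (event["Computer"], tool) in allowlist
    severity = "info" if sanctioned else "high" if renamed else "medium"
    return {"computer": event["Computer"], "user": event["User"],
            "tool": tool, "renamed": renamed, "severity": severity}


def hunt(events, allowlist=frozenset()):
    """Classify every event and keep only the findings."""
    return [f for f in (classify(e, allowlist) for e in events) if f]


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS, ALLOWLIST):
        print(finding)
```

A renamed binary is rated higher than a plainly named one because masquerading has no routine administrative explanation, while an allowlisted host and tool pair is kept as an informational record rather than dropped.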

Penetration of Ocasa's Systems

While the exact method of penetration in Ocasa's case is not publicly disclosed, Akira's known tactics include exploiting vulnerabilities in VPNs and stealing credentials to gain unauthorized access. Once inside the network, they move laterally to deploy the ransomware and exfiltrate data. The attack on Ocasa underscores the importance of robust cybersecurity measures and the need for continuous monitoring and updating of security protocols.
