Ransomware Attack by Akira Group Hits Waterbury Newton Law Firm

Incident Date: June 26, 2024


Overview

Victim: Waterbury Newton

Attacker: Akira

Location: Kentville, Canada

First Reported: June 26, 2024

Ransomware Attack on Waterbury Newton by Akira Group

Overview of Waterbury Newton

Waterbury Newton is a well-established law firm based in Kentville, Nova Scotia, Canada. With over 60 years of history, the firm provides a comprehensive range of legal services tailored to meet the needs of individuals, businesses, and organizations. Their areas of expertise include family law, real estate law, corporate and commercial law, wills and estates, and litigation. The firm is known for its commitment to delivering personalized and effective legal solutions, ensuring client satisfaction through a collaborative approach.

Details of the Ransomware Attack

On June 27, 2024, Waterbury Newton fell victim to a ransomware attack orchestrated by the Akira ransomware group. The attack was publicly claimed by Akira on their dark web leak site. The extent of the data breach remains unknown, and it is unclear what specific data may have been compromised. Given the sensitive nature of the legal services provided by Waterbury Newton, the potential impact on their clients could be significant.

About the Akira Ransomware Group

Akira is a relatively new but rapidly growing ransomware family that first emerged in March 2023. The group has been targeting small to medium-sized businesses across various sectors, including government, manufacturing, technology, education, consulting, pharmaceuticals, and telecommunications. Akira is believed to be affiliated with the now-defunct Conti ransomware gang, with which it shares similarities in code.

Akira employs double extortion tactics, stealing data from victims before encrypting their systems and demanding a ransom for both decryption and data deletion. Their ransom demands typically range from $200,000 to over $4 million. The group is known for its unique dark web leak site, which features a retro 1980s-style green-on-black interface that victims must navigate by typing commands.

Potential Vulnerabilities and Attack Vectors

Waterbury Newton, like many law firms, handles a significant amount of sensitive and confidential information, making them an attractive target for ransomware groups like Akira. The firm's reliance on digital systems for managing client data, legal documents, and communications could have presented multiple entry points for the attackers. Akira's tactics often include unauthorized access to VPNs, credential theft, and lateral movement within the network to deploy the ransomware. They have also been observed using tools like RClone, FileZilla, and WinSCP for data exfiltration.

In some cases, Akira has deployed a previously unreported backdoor, further complicating the detection and mitigation of their attacks. The group's ability to adapt and target both Windows systems and Linux-based VMware ESXi virtual machines shows how the threat it poses continues to evolve.

Implications for Waterbury Newton

The ransomware attack on Waterbury Newton underscores the growing threat of cyberattacks on law firms and other organizations handling sensitive information. The potential exposure of confidential client data could have severe legal and reputational consequences for the firm. As the investigation into the breach continues, Waterbury Newton will need to assess the full extent of the damage and take appropriate measures to secure their systems and protect their clients' information.
