Ransomware Attack on North American Breaker Company by Akira Group

North American Breaker Company (NABCO), a key player in the electrical components distribution sector, has fallen victim to a ransomware attack orchestrated by the notorious Akira group. This incident highlights the vulnerabilities faced by companies in the manufacturing and supply chain industries, emphasizing the need for enhanced cybersecurity measures.

Company Profile and Industry Standing

Founded in 1996 and headquartered in Burbank, California, NABCO is a specialized distributor of electrical components, including circuit breakers, control systems, and safety switches. The company operates through a network of distribution centers across North America, ensuring rapid delivery to its clients, primarily electrical distributors. With approximately 286 employees and an annual revenue of around $11.2 million, NABCO has established itself as a significant player in the wholesale distribution market. Its commitment to providing factory-fresh materials and legacy products, coupled with a three-year warranty, distinguishes it in the industry.

Details of the Attack

The Akira ransomware group claims to have infiltrated NABCO's systems, accessing 100 GB of sensitive data. This breach underscores the persistent threat posed by ransomware groups to critical infrastructure and supply chain entities. The attack on NABCO highlights the ongoing vulnerabilities within the sector, emphasizing the need for enhanced cybersecurity measures to protect against such sophisticated threats.

About the Akira Ransomware Group

Emerging in March 2023, Akira has quickly gained notoriety for its sophisticated attack methods and extensive targeting capabilities. The group employs a hybrid encryption scheme combining ChaCha20 and RSA cryptography, making it a formidable threat. Akira is known for its double-extortion model, where it encrypts data and exfiltrates sensitive information, pressuring victims to pay ransoms ranging from $200,000 to over $4 million. The group has been linked to the defunct Conti ransomware, sharing similar methodologies and tools.

Potential Vulnerabilities and Attack Vectors

NABCO's extensive network of distribution centers and reliance on digital systems for rapid delivery and service may have presented vulnerabilities that Akira exploited. The ransomware group is known for exploiting VPN software vulnerabilities and using compromised login credentials to gain unauthorized access. Once inside, Akira utilizes tools like PowerShell commands to delete volume shadow copies, complicating recovery efforts for victims.

Sources

• North American Breaker Company
• Check Point: Akira Ransomware
• Trend Micro: Ransomware Spotlight - Akira
• Trellix: Akira Ransomware