Ransomware Attack on American Acryl by Akira Group

Incident Date: July 24, 2024

Overview

Title: Ransomware Attack on American Acryl by Akira Group
Victim: American Acryl
Attacker: Akira
Location: Pasadena, USA; Texas, USA
First Reported: July 24, 2024

Overview of American Acryl

American Acryl L.P. is a prominent player in the chemical manufacturing industry, specializing in the production of acrylic acid and related polymers. The company operates a facility in Bayport, Texas, and is a joint venture between Nippon Shokubai America Industries, Inc. and Arkema Inc. This partnership enhances its operational capabilities and market reach. American Acryl employs approximately 51 individuals and reported an annual revenue of about $15 million in 2023.

Core Operations and Product Range

At its Bayport facility, American Acryl manufactures acrylic acid by reacting propylene with oxygen under controlled conditions. The acrylic acid produced is used in various applications, including personal care items, household products, and superabsorbent polymers essential for disposable diapers. The company also produces water-soluble polymers and polymers for concrete admixture, contributing significantly to various consumer products.

Environmental and Community Engagement

American Acryl emphasizes safety and environmental responsibility, collaborating with local chemical manufacturers and community organizations to prepare for potential emergencies. The company engages in regular educational initiatives about safety protocols and environmental practices, working closely with local first responders to ensure readiness for any incidents.

Details of the Ransomware Attack

On July 25, 2024, American Acryl fell victim to a ransomware attack orchestrated by the Akira ransomware group. The breach highlights the growing threat of cyberattacks on industrial manufacturers. While the exact size of the data leak remains unknown, the incident underscores the vulnerabilities in the manufacturing sector, particularly for companies like American Acryl that operate continuously and handle critical chemical processes.

About the Akira Ransomware Group

Akira is a rapidly growing ransomware family that emerged in March 2023. The group targets small to medium-sized businesses across various sectors, including manufacturing. Akira is believed to be affiliated with the now-defunct Conti ransomware gang, sharing similarities in their code. The group employs double extortion tactics, stealing data before encrypting systems and demanding a ransom for both decryption and data deletion. Akira's ransom demands typically range from $200,000 to over $4 million.

Penetration Tactics

Akira operators use unauthorized access to VPNs, credential theft, and lateral movement to deploy ransomware. They have been observed using tools like RClone, FileZilla, and WinSCP for data exfiltration. In some cases, Akira has deployed a previously unreported backdoor. The group expanded its operations in April 2023 to target Linux-based VMware ESXi virtual machines in addition to Windows systems.
