Ransomware Attack on Boni Supermarkt by Akira Group Disrupts Operations
Incident Date:
August 14, 2024
Overview
Title
Ransomware Attack on Boni Supermarkt by Akira Group Disrupts Operations
Victim
Boni Supermarkt
Attacker
Akira
Location
First Reported
August 14, 2024
Ransomware Attack on Boni Supermarkt by Akira Group
Boni Supermarkt, a well-regarded regional supermarket chain in the Netherlands, has recently fallen victim to a ransomware attack orchestrated by the Akira ransomware group. This incident underscores the increasing threat posed by cybercriminals to businesses across various sectors.
About Boni Supermarkt
Boni Supermarkt operates primarily in the Gelderland region of the Netherlands, with a network of 42 stores. Established in 1972, the company has built a reputation for providing high-quality products at competitive prices. Boni Supermarkt employs approximately 2,400 staff members and emphasizes customer satisfaction, which has contributed to its sustained success. The supermarket chain is known for its commitment to quality, customer service, and community engagement, as evidenced by its recent accolades and proactive measures in food safety.
Attack Overview
The ransomware attack on Boni Supermarkt occurred last week, resulting in a significant disruption of their computer systems. According to spokesperson Helma Lohuis, an unauthorized third party infiltrated part of Boni's systems, leading to a major computer failure. This incident has severely impacted the operations of the supermarket chain, highlighting the vulnerabilities that businesses face in the digital age.
About Akira Ransomware Group
Akira is a relatively new but rapidly growing ransomware family that emerged in March 2023. The group has been targeting small to medium-sized businesses across Europe, North America, and Australia. Akira is believed to be affiliated with the now-defunct Conti ransomware gang, sharing similarities in their code. The group employs double extortion tactics, stealing data before encrypting systems and demanding a ransom for both decryption and data deletion. Akira's ransom demands typically range from $200,000 to over $4 million.
Distinctive Tactics and Penetration Methods
Akira distinguishes itself with a unique dark web leak site featuring a retro 1980s-style interface. The group uses various tactics to penetrate systems, including unauthorized access to VPNs, credential theft, and lateral movement. Tools like RClone, FileZilla, and WinSCP are used for data exfiltration. In some cases, Akira has deployed a previously unreported backdoor. The group has also expanded its operations to target Linux-based VMware ESXi virtual machines in addition to Windows systems.
Potential Vulnerabilities
Boni Supermarkt's reliance on digital systems for its operations made it a target for the Akira ransomware group. The attack highlights the importance of strong cybersecurity measures, especially for businesses in the retail sector that handle significant amounts of customer data and rely on seamless operational systems.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.