Ransomware Attack on Bruno Generators S.r.l. by Akira Group

Incident Date: May 14, 2024

Overview

Victim: Bruno Generators S.r.l.

Attacker: Akira

Location: Tribiano, Italy

First Reported: May 14, 2024

Victim Overview

Bruno Generators S.r.l., a company specializing in the design, manufacturing, and distribution of generators for various applications, including residential, commercial, and industrial use, fell victim to a cyberattack orchestrated by the cybercrime group Akira. The company operates under the umbrella of Bruno Generators Group (BGG), a leading international player in the energy power sector.

Company Profile

Bruno S.r.l. is known for its high-quality products, customization options, and industry-leading performance in terms of energy efficiency, emission containment, soundproofing, and resistance to extreme environmental conditions. Their generators find applications in various sectors such as energy, oil and gas, telecommunications, data centers, shipbuilding, infrastructure, defense, civil protection, and event organization.

Vulnerabilities

Being a prominent player in the energy power sector with a significant global presence, Bruno S.r.l. may have been targeted by threat actors due to the sensitive nature of the data they handle, including client information, financial documents, and project details. The exfiltration of approximately 40 GB of data poses significant risks to the company's privacy, security, and operations.

Attack Details

The cybercrime group Akira utilized ransomware as their attack method against Bruno Generators S.r.l. The victim's website was compromised in the attack. Approximately 40 GB of data, including sensitive information, was exfiltrated during the breach. The specific ransom demand was not disclosed, but the attack highlights the vulnerabilities faced by companies in the manufacturing sector.

Ransomware Group Overview

Akira is a rapidly growing ransomware family that targets small to medium-sized businesses across various sectors, including manufacturing. The group is known for its double extortion tactics, where they steal data before encrypting systems and demand a ransom for decryption and data deletion. Akira has a unique dark web leak site with a retro 1980s-style interface that victims must navigate by typing commands.

Penetration Methods

Akira has been observed using unauthorized access to VPNs, credential theft, lateral movement, and tools like RClone, FileZilla, and WinSCP for data exfiltration. The group has also targeted Linux-based VMware ESXi virtual machines in addition to Windows systems. Their continuous adaptation of tactics poses a significant threat to organizations like Bruno Generators S.r.l.
