Ransomware Attack on Empereon Constar: 800GB Data Breach by Akira

Incident Date: July 25, 2024

Overview

Victim: Empereon Constar

Attacker: Akira

Location: Phoenix, USA; Arizona, USA

First Reported: July 25, 2024

Ransomware Attack on Empereon Constar by Akira Group

Overview of Empereon Constar

Empereon Constar is a prominent business process outsourcing (BPO) company headquartered in Phoenix, Arizona. Formed through the merger of Empereon Marketing and Constar Financial Services, the company specializes in providing comprehensive customer engagement and management solutions across various sectors, including telecommunications, finance, and retail. With a workforce of over 4,000 employees and ten strategic sites, Empereon Constar manages more than five million customer interactions annually. The company is known for its operational excellence, driven by advanced technologies and a commitment to quality service.

Details of the Ransomware Attack

Empereon Constar recently fell victim to a ransomware attack orchestrated by the Akira ransomware group. The cybercriminals reportedly exfiltrated a substantial 800 GB of sensitive data, including SQL databases containing clients' information, employee files, and detailed financial records. This breach poses significant risks to the privacy and security of both the company's clients and employees, highlighting the critical need for robust cybersecurity measures.

About the Akira Ransomware Group

Akira is a rapidly growing ransomware family that first emerged in March 2023. The group targets small to medium-sized businesses across various sectors, including government, manufacturing, technology, education, consulting, pharmaceuticals, and telecommunications. Akira is believed to be affiliated with the now-defunct Conti ransomware gang, as their code shares similarities. The group uses double extortion tactics, stealing data before encrypting systems and demanding a ransom for both decryption and data deletion. Akira's ransom demands typically range from $200,000 to over $4 million.

Penetration and Tactics

Akira's tactics include unauthorized access to VPNs, credential theft, and lateral movement to deploy the ransomware. They have been observed using tools like RClone, FileZilla, and WinSCP for data exfiltration. In some cases, Akira has deployed a previously unreported backdoor. In April 2023, Akira expanded its operations to target Linux-based VMware ESXi virtual machines in addition to Windows systems. As of January 2024, the group has claimed over 250 victims and $42 million in ransomware proceeds.
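
A defender can hunt for the transfer tools named above in process-creation telemetry. The following is an added example, not part of the original report: it checks both the on-disk image name and the PE header name, so a renamed binary is still caught. The host names, accounts, allowlist and events are constructed, and it assumes Sysmon Event ID 1 field names and that each tool's OriginalFileName matches its usual executable name.

```python
from pathlib import PureWindowsPath

# Transfer tools the page names as used for exfiltration (lowercase stems).
EXFIL_TOOLS = {"rclone", "filezilla", "winscp"}

# Assumption: (host, tool) pairs with an approved business use. Constructed.
ALLOWED = {("FILESRV01", "winscp")}

# Constructed events using Sysmon Event ID 1 field names.
SAMPLE_EVENTS = [
    {"Computer": "FILESRV01", "User": "CORP\\backup",
     "Image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe",
     "OriginalFileName": "winscp.exe"},
    {"Computer": "SQL02", "User": "CORP\\svc_sql",
     "Image": r"C:\ProgramData\svchost.exe",
     "OriginalFileName": "rclone.exe"},
    {"Computer": "WS14", "User": "CORP\\jdoe",
     "Image": r"C:\Users\jdoe\Downloads\FileZilla\filezilla.exe",
     "OriginalFileName": "-"},
    {"Computer": "WS14", "User": "CORP\\jdoe",
     "Image": r"C:\Windows\System32\notepad.exe",
     "OriginalFileName": "NOTEPAD.EXE"},
]

def stem(value):
    """Lowercase file name without extension; empty or '-' never matches."""
    return PureWindowsPath(value or "").stem.lower()

def hunt(events, allowed=ALLOWED):
    """Return one finding per unapproved execution of a listed tool."""
    findings = []
    for ev in events:
        on_disk, in_header = stem(ev.get("Image")), stem(ev.get("OriginalFileName"))
        # The PE header name survives a rename on disk, so check it first.
        tool = next((n for n in (in_header, on_disk) if n in EXFIL_TOOLS), None)
        host = ev.get("Computer", "").upper()
        if tool is None or (host, tool) in allowed:
            continue
        findings.append({"host": host, "user": ev.get("User"),
                         "tool": tool, "renamed": on_disk != tool})
    return findings

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f)
```

A finding with `renamed` set to true is the higher-priority one, since a legitimate install rarely runs under another executable's name.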

Vulnerabilities and Impact

Empereon Constar's extensive data handling and customer interactions make it a lucrative target for ransomware groups like Akira. The company's reliance on advanced technologies and real-time analytics, while beneficial for operational excellence, also presents potential vulnerabilities if not adequately secured. The breach underscores the importance of robust cybersecurity measures to protect sensitive data and maintain client trust.
