Ransomware Attack on Fiskars Group by Akira

Incident Date:

May 14, 2024

World map

Overview

Title

Ransomware Attack on Fiskars Group by Akira

Victim

Fiskars Group

Attacker

Akira

Location

Middleton, USA

Wisconsin, USA

First Reported

May 14, 2024

Ransomware Attack on Fiskars Group by Akira

Victim Overview

Fiskars Group, a Finnish consumer goods company founded in 1649, fell victim to a cyberattack orchestrated by the ransomware group Akira. The company operates in the Consumer Services sector and is known for its diverse product portfolio, including scissors, gardening tools, kitchenware, and outdoor equipment. Fiskars Group employs around 6,595 people in over 30 countries and reported revenue of €1.25 billion.

Company Standout

The company is notable for its iconic orange-handled scissors introduced in 1967. The company has made significant acquisitions over the years, strengthening its position in various markets.

Company Vulnerabilities

As a leading consumer goods company with a global presence, Fiskars Group's extensive operations and valuable data make it an attractive target for threat actors like Akira. The company's large workforce and diverse product range may have provided multiple entry points for the ransomware group to exploit.

Attack Overview

Fiskars Group's website was compromised in the cyberattack by Akira. Approximately 2 TB of data was exfiltrated during the incident, highlighting the severity of the breach and the potential risks to the company's operations and data security.

Ransomware Group Akira

Akira is a rapidly growing ransomware family that targets small to medium-sized businesses across various sectors, including government, manufacturing, technology, and more. The group employs double extortion tactics, stealing data before encrypting systems and demanding ransom for decryption and data deletion.

Distinctive Features of Akira

The ransomware group distinguishes itself with ransom demands ranging from $200,000 to over $4 million and a unique dark web leak site with a retro 1980s-style interface. The group has been observed using unauthorized access to VPNs, credential theft, and deploying a previously unreported backdoor.

Penetration Methods

The group of cybercriminals has targeted both Windows and Linux-based systems, expanding its operations to include VMware ESXi virtual machines. The group continuously adapts its tactics to exploit vulnerabilities in organizations, making it a significant and evolving ransomware threat.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.