Ransomware Attack on Granville Food Care Limited
Incident Date:
May 22, 2024
Overview
Title
Ransomware Attack on Granville Food Care Limited
Victim
Granville Food Care Ltd
Attacker
Akira
Location
First Reported
May 22, 2024
Ransomware Attack on Granville Food Care Limited
Company Overview
Granville Food Care Limited, a leading cold storage provider for the food industry in Northern Ireland, has recently fallen victim to a ransomware attack by the threat actor and ransomware group Akira. The company, incorporated in 1974, offers food safety and quality assurance services to the food industry, including food safety training, auditing, consulting, and certification. With a medium-sized company status and a diverse range of directors, Granville Food Care stands out in the industry for its long history and multiple services provided.
Attack Overview
On May 23, 2024, Granville Food Care Limited experienced a data breach that exposed 20GB of sensitive data, potentially compromising client information and impacting the company's operations. The attack was carried out by the ransomware group Akira, known for targeting small to medium-sized businesses across various sectors using double extortion tactics.
Ransomware Group: Akira
Akira is a rapidly growing ransomware family that emerged in March 2023, affiliated with the now-defunct Conti ransomware gang. The group distinguishes itself by using double extortion tactics, unique dark web leak site with a retro interface, and targeting a wide range of organizations with ransom demands ranging from $200,000 to over $4 million.
Vulnerabilities
Granville Food Care Limited's vulnerabilities in being targeted by threat actors like Akira include unauthorized access to VPNs, credential theft, and lateral movement to deploy ransomware. The company's systems may have been penetrated through tools like RClone, FileZilla, and WinSCP for data exfiltration, as well as the deployment of a previously unreported backdoor.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.