Ransomware Attack on Granville Food Care Limited

Incident Date:

May 22, 2024

World map

Overview

Title

Ransomware Attack on Granville Food Care Limited

Victim

Granville Food Care Ltd

Attacker

Akira

Location

Dungannon, United Kingdom

, United Kingdom

First Reported

May 22, 2024

Ransomware Attack on Granville Food Care Limited

Company Overview

Granville Food Care Limited, a leading cold storage provider for the food industry in Northern Ireland, has recently fallen victim to a ransomware attack by the threat actor and ransomware group Akira. The company, incorporated in 1974, offers food safety and quality assurance services to the food industry, including food safety training, auditing, consulting, and certification. With a medium-sized company status and a diverse range of directors, Granville Food Care stands out in the industry for its long history and multiple services provided.

Attack Overview

On May 23, 2024, Granville Food Care Limited experienced a data breach that exposed 20GB of sensitive data, potentially compromising client information and impacting the company's operations. The attack was carried out by the ransomware group Akira, known for targeting small to medium-sized businesses across various sectors using double extortion tactics.

Ransomware Group: Akira

Akira is a rapidly growing ransomware family that emerged in March 2023, affiliated with the now-defunct Conti ransomware gang. The group distinguishes itself by using double extortion tactics, unique dark web leak site with a retro interface, and targeting a wide range of organizations with ransom demands ranging from $200,000 to over $4 million.

Vulnerabilities

Granville Food Care Limited's vulnerabilities in being targeted by threat actors like Akira include unauthorized access to VPNs, credential theft, and lateral movement to deploy ransomware. The company's systems may have been penetrated through tools like RClone, FileZilla, and WinSCP for data exfiltration, as well as the deployment of a previously unreported backdoor.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.