Ransomware Attack on Granville Food Care Limited

Company Overview

Granville Food Care Limited, a leading cold storage provider for the food industry in Northern Ireland, has recently fallen victim to a ransomware attack by the threat actor and ransomware group Akira. The company, incorporated in 1974, offers food safety and quality assurance services to the food industry, including food safety training, auditing, consulting, and certification. With a medium-sized company status and a diverse range of directors, Granville Food Care stands out in the industry for its long history and multiple services provided.

Attack Overview

On May 23, 2024, Granville Food Care Limited experienced a data breach that exposed 20GB of sensitive data, potentially compromising client information and impacting the company's operations. The attack was carried out by the ransomware group Akira, known for targeting small to medium-sized businesses across various sectors using double extortion tactics.

Ransomware Group: Akira

Akira is a rapidly growing ransomware family that emerged in March 2023, affiliated with the now-defunct Conti ransomware gang. The group distinguishes itself by using double extortion tactics, unique dark web leak site with a retro interface, and targeting a wide range of organizations with ransom demands ranging from $200,000 to over $4 million.

Vulnerabilities

Granville Food Care Limited's vulnerabilities in being targeted by threat actors like Akira include unauthorized access to VPNs, credential theft, and lateral movement to deploy ransomware. The company's systems may have been penetrated through tools like RClone, FileZilla, and WinSCP for data exfiltration, as well as the deployment of a previously unreported backdoor.

Sources:

• Company House - Granville Food Care Limited
• Trend Micro - Ransomware Spotlight: Akira
• Sophos - Akira: The Ransomware That Keeps on Taking