Ransomware Attack on Inland Audio Visual by Akira Group Exposes Sensitive Data

Incident Date:

July 9, 2024

World map

Overview

Title

Ransomware Attack on Inland Audio Visual by Akira Group Exposes Sensitive Data

Victim

Inland Audio Visual

Attacker

Akira

Location

CentrePort, Canada

, Canada

First Reported

July 9, 2024

Ransomware Attack on Inland Audio Visual by Akira Group

Overview of Inland Audio Visual

Inland Audio Visual, commonly known as Inland AV, is a leading provider of audiovisual solutions based in Western Canada. Established in 1937, the company has grown to operate five locations across the Canadian Prairies, including Calgary, Edmonton, and Regina. Inland AV specializes in consultation, sales, integration, rentals, and event production services, catering to both corporate and individual clients. The company is renowned for its commitment to quality, customer service, and technological innovation.

Details of the Ransomware Attack

Inland Audio Visual recently fell victim to a ransomware attack orchestrated by the Akira group. The attackers reportedly exfiltrated 10GB of sensitive data, including employee personal files, non-disclosure agreements, contracts, confidential documents, and financial information. This breach has exposed a significant amount of critical and private data, underscoring the severe security challenges faced by the company.

About the Akira Ransomware Group

Akira is a rapidly growing ransomware family that emerged in March 2023. The group targets small to medium-sized businesses across various sectors, including government, manufacturing, technology, education, consulting, pharmaceuticals, and telecommunications. Akira employs double extortion tactics, stealing data before encrypting systems and demanding a ransom for both decryption and data deletion. The group's ransom demands typically range from $200,000 to over $4 million. Akira's dark web leak site features a retro 1980s-style interface, requiring victims to navigate by typing commands.

Penetration and Attack Tactics

Akira's tactics include unauthorized access to VPNs, credential theft, and lateral movement to deploy ransomware. The group uses tools like RClone, FileZilla, and WinSCP for data exfiltration and has been observed deploying a previously unreported backdoor. In April 2023, Akira expanded its operations to target Linux-based VMware ESXi virtual machines in addition to Windows systems. The group's ability to adapt and evolve its tactics makes it a significant threat to organizations.

Vulnerabilities and Impact

Inland Audio Visual's extensive operations and reliance on advanced audiovisual technologies may have made it an attractive target for the Akira group. The breach has not only compromised sensitive data but also highlighted potential vulnerabilities in the company's cybersecurity measures. The attack serves as a stark reminder of the growing threat posed by sophisticated ransomware groups and the importance of robust cybersecurity defenses.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.