Ransomware Attack on Notarkammer Pfalz: Akira Group Strikes
Incident Date:
July 23, 2024
Overview
Title
Ransomware Attack on Notarkammer Pfalz: Akira Group Strikes
Victim
Notarkammer Pfalz
Attacker
Akira
Location
First Reported
July 23, 2024
Ransomware Attack on Notarkammer Pfalz by Akira
Overview of Notarkammer Pfalz
Notarkammer Pfalz is a professional organization based in Zweibrücken, Rheinland-Pfalz, Germany, serving the notarial profession. The chamber oversees and regulates the activities of notaries in the Palatinate region, ensuring adherence to legal standards and ethical practices. It plays a crucial role in the legal framework by supporting notaries and providing resources for both professionals and the public. The organization is governed by a Kammerversammlung and an executive board, ensuring effective governance and adherence to legal obligations.
Details of the Ransomware Attack
On July 24, 2024, Notarkammer Pfalz fell victim to a ransomware attack orchestrated by the Akira ransomware group. The attack resulted in a significant data breach, with approximately 200GB of sensitive information being compromised. This incident highlights the growing threat of ransomware attacks on professional and legal institutions, emphasizing the need for robust cybersecurity measures to protect critical data and maintain operational integrity.
About the Akira Ransomware Group
Akira is a rapidly growing ransomware family that first emerged in March 2023. The group targets small to medium-sized businesses across various sectors, including government, manufacturing, technology, education, consulting, pharmaceuticals, and telecommunications. Akira employs double extortion tactics, stealing data before encrypting systems and demanding a ransom for both decryption and data deletion. The group is known for its unique dark web leak site with a retro 1980s-style interface and has been linked to the now-defunct Conti ransomware gang.
Penetration and Impact
Akira's tactics include unauthorized access to VPNs, credential theft, and lateral movement to deploy ransomware. They use tools like RClone, FileZilla, and WinSCP for data exfiltration. In some cases, Akira has deployed a previously unreported backdoor. The attack on Notarkammer Pfalz underscores the vulnerabilities of professional organizations in being targeted by sophisticated threat actors. The compromised data could have severe implications for the notarial profession and public trust in notarial services.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.