Ransomware Attack on SKC West by Akira Group: Key Details & Impact

Incident Date: July 24, 2024

Overview

Victim: SKC West

Attacker: Akira

Location: Fullerton, California, USA

First Reported: July 24, 2024

Ransomware Attack on SKC West by Akira Group

Overview of SKC West

SKC West, officially registered as SKC-West, Inc., is a prominent supplier of industrial hygiene, environmental, safety, and air monitoring equipment, primarily serving the West Coast of the United States. Headquartered in Fullerton, California, the company operates within the environmental services industry and employs between 11 and 50 individuals. SKC West is known for its comprehensive range of products, including air sampling pumps, portable instruments, and calibration equipment, catering to various industries requiring precise air quality monitoring and hazardous exposure assessments.

Details of the Attack

Recently, SKC West has fallen victim to a ransomware attack orchestrated by the Akira group. The attackers have compromised a significant amount of sensitive information, including employee data, numerous agreements, confidential files, and financial records. The perpetrators have threatened to make all the stolen data available for download imminently, putting SKC West at risk of severe operational and reputational damage.

About the Akira Ransomware Group

Akira is a rapidly growing ransomware family that first emerged in March 2023. The group targets small to medium-sized businesses across various sectors, including government, manufacturing, technology, education, consulting, pharmaceuticals, and telecommunications. Akira employs double extortion tactics, stealing data before encrypting systems and demanding a ransom for both decryption and data deletion. Their ransom demands typically range from $200,000 to over $4 million. Akira's dark web leak site features a retro 1980s-style interface that victims must navigate by typing commands.

Penetration and Vulnerabilities

Akira's tactics include unauthorized access to VPNs, credential theft, and lateral movement to deploy the ransomware. They have been observed using tools like RClone, FileZilla, and WinSCP for data exfiltration. In some cases, Akira has deployed a previously unreported backdoor. The group's ability to exploit vulnerabilities in VPNs and other network security measures likely facilitated their penetration into SKC West's systems.

Impact on SKC West

The ransomware attack on SKC West has significant implications for the company. Given their role in providing essential air monitoring equipment and services, the compromise of sensitive data could disrupt operations and damage their reputation. The potential release of confidential information poses a severe risk to their clients and partners, highlighting the critical need for robust cybersecurity measures in the business services sector.
