Ransomware Hits TRC Worldwide Engineering by Akira Group

Incident Date: October 3, 2024


Overview

Title: Ransomware Hits TRC Worldwide Engineering by Akira Group

Victim: TRC Worldwide Engineering (Trcww)

Attacker: Akira

Location: Jacksonville, USA; Florida, USA

First Reported: October 3, 2024

Ransomware Attack on TRC Worldwide Engineering by Akira Group

TRC Worldwide Engineering, a well-established engineering consulting firm, has recently been targeted by the notorious ransomware group Akira. This attack highlights the vulnerabilities faced by companies in the construction and engineering sectors, emphasizing the need for heightened cybersecurity measures.

About TRC Worldwide Engineering

Founded in 1989 and headquartered in Brentwood, Tennessee, TRC Worldwide Engineering is a comprehensive engineering consulting firm. The company employs approximately 316 staff members and reported annual revenues of around $90.3 million. TRC operates across multiple sectors, offering services such as structural engineering, civil transportation engineering, mechanical and electrical engineering, and precast concrete design. The firm is known for its commitment to service, innovation, and quality, which has helped it build long-term relationships within the industry.

Attack Overview

The ransomware attack on TRC Worldwide Engineering was publicly claimed by the Akira group on their dark web leak site. While specific details about the data affected, the ransom demanded, or the method of infiltration have not been disclosed, such attacks typically involve the encryption of critical data, rendering it inaccessible until a ransom is paid. This incident underscores the persistent threat posed by ransomware groups and the potential for significant financial and reputational damage.

About Akira Ransomware Group

Akira is a ransomware variant that emerged in March 2023, quickly gaining notoriety for its sophisticated attack methods. The group employs a hybrid encryption scheme combining the ChaCha20 stream cipher with RSA public-key cryptography. Akira operates using a double-extortion model, where it not only encrypts data but also exfiltrates sensitive information before demanding a ransom. The group is known for targeting larger organizations across various sectors, including education, finance, and healthcare.

Potential Vulnerabilities

TRC Worldwide Engineering's diverse portfolio and extensive operations across the United States may have made it an attractive target for the Akira group. The firm's reliance on state-of-the-art software and innovative design techniques could have presented potential entry points for cybercriminals. Akira is known to exploit vulnerabilities in VPN software and utilize compromised login credentials to gain unauthorized access, which may have been factors in this attack.
