Ransomware Threat: Akira Group Strikes Studio Libeskind Architect LLC

Incident Date:

May 1, 2024

World map

Overview

Title

Ransomware Threat: Akira Group Strikes Studio Libeskind Architect LLC

Victim

Studio Libeskind

Attacker

Akira

Location

New York, USA

New York, USA

First Reported

May 1, 2024

Ransomware Attack on Studio Libeskind by Akira Group

Company Profile: Studio Daniel Libeskind Architect LLC

Studio Daniel Libeskind Architect LLC, headquartered in New York City, is a globally recognized architecture firm led by Daniel Libeskind. Known for its bold, sculptural designs that integrate with their environments, the studio has crafted numerous iconic structures worldwide. These include the Denver Art Museum extension and the Dresden Museum of Military History. Despite its high profile, the firm's revenue remains below $5 million, positioning it within the small to medium-sized enterprise category in the construction sector.

Details of the Cyberattack

In a recent security breach, Studio Libeskind fell victim to a ransomware attack orchestrated by the Akira group. This incident led to the exfiltration of approximately 18 GB of sensitive data, including joint project details, accounting files, and personal identification documents such as passports. The specifics of the ransom demand have not been disclosed publicly.

Akira Ransomware Group Profile

The Akira ransomware group, emerging in March 2023, is known for its affiliation with the defunct Conti ransomware gang. Akira has targeted a diverse range of sectors and is notorious for its double extortion tactics. This involves stealing sensitive data prior to encrypting the victim's systems and subsequently demanding ransom for both decryption and non-disclosure of the stolen data. The group's demands can range significantly, with past figures spanning from $200,000 to over $4 million.

Potential Vulnerabilities and Attack Vectors

Given the architectural firm's high-profile projects and the sensitive nature of its data, Studio Libeskind presents an attractive target for ransomware groups like Akira. The firm's smaller size and potentially limited cybersecurity resources might have contributed to its vulnerabilities. Akira's known methods include exploiting weaknesses in VPNs, credential theft, and lateral movement within the network, suggesting possible vectors through which they could have penetrated Studio Libeskind's defenses.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.