siParadigm Diagnostic Informatics Hit by Akira Ransomware Attack

Incident Date:

July 23, 2024


Overview

Title

siParadigm Diagnostic Informatics Hit by Akira Ransomware Attack

Victim

siParadigm Diagnostic Informatics

Attacker

Akira

Location

Pine Brook, New Jersey, USA

First Reported

July 23, 2024

Ransomware Attack on siParadigm Diagnostic Informatics by Akira Group

Overview of siParadigm Diagnostic Informatics

siParadigm Diagnostic Informatics, established in 2004 and headquartered in Pine Brook, New Jersey, is a leading company in the field of precision oncology diagnostic informatics. The company specializes in advanced diagnostic techniques such as next-generation sequencing (NGS), polymerase chain reaction (PCR), cytogenetics, flow cytometry, and immunohistochemistry (IHC). These methodologies enable the detection of actionable genetic variants in patients with advanced cancer, facilitating personalized medicine strategies. siParadigm operates as a specialty reference laboratory, providing extensive support to healthcare professionals with a commitment to service, integrity, and regulatory compliance.

Details of the Ransomware Attack

siParadigm Diagnostic Informatics was listed as a victim of the Akira ransomware group on July 23, 2024. The attackers claim to have exfiltrated roughly 141 GB of data from the company. According to the listing, the data includes personal identity documents (passports, driver licenses, birth certificates, social security numbers), non-disclosure and other confidential agreements, medical reports, and other personal documents, as well as financial information and client details. As with most leak-site listings, the volume and contents are the attackers' own claims rather than a confirmed inventory; even so, a specialty oncology laboratory holds exactly the mix of patient records and identity documents that makes double extortion effective, because the threat of publication carries regulatory and patient-safety consequences independent of whether systems are restored.

About the Akira Ransomware Group

The Akira ransomware group emerged in March 2023 and has targeted small to medium-sized businesses across many sectors, including healthcare. Based on overlaps in its code, the group is believed to be affiliated with the now-defunct Conti ransomware gang. Akira operators use double extortion: they steal data before encrypting systems, then demand a single ransom for both the decryptor and a promise to delete the stolen data. Reported ransom demands typically range from $200,000 to over $4 million. Akira's dark web leak site uses a retro 1980s-style, terminal-like interface that visitors navigate by typing commands.

Penetration and Vulnerabilities

Akira's typical intrusion chain begins with unauthorized access to VPN services, frequently where multifactor authentication is not enforced, followed by credential theft and lateral movement before the encryptor is deployed. Ahead of encryption, operators have been observed staging data out with RClone, FileZilla, and WinSCP, so the appearance of these tools on hosts that have no business running them is one of the more reliable early warnings of an Akira intrusion in progress. In some cases Akira has reportedly deployed a previously unreported backdoor. The group maintains encryptors for both Windows hosts and VMware ESXi hypervisors (the ESXi variant is a Linux ELF binary executed on the hypervisor to encrypt virtual machine disk files), which lets a single intrusion take down an entire virtualized estate at once. The attack on siParadigm underscores why healthcare organizations, which hold large volumes of sensitive and regulated data, remain attractive targets for ransomware groups.
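The exfiltration tooling named above (RClone, FileZilla, WinSCP) is unusual enough on most endpoints that a simple process-creation detection catches it. The following is an added example written for this page, not code from the tracker or from any vendor report on Akira. It mimics Sysmon Event ID 1 fields (Image, CommandLine, OriginalFileName, User, Computer), flags known transfer tools, catches copies of rclone that have been renamed (the OriginalFileName field still carries the PE name), and recognizes rclone-style "remote:path" arguments. The sample events and the KNOWN_TRANSFER_HOSTS allow-list are constructed for the example and are not telemetry from any real incident.

```python
"""Flag process-creation events that look like ransomware data staging with
RClone, WinSCP or FileZilla. Event dicts mimic Sysmon Event ID 1 fields; all
sample data below is constructed for this example (hypothetical hosts/users)."""
import re
from pathlib import PureWindowsPath

# Binaries the text names as Akira exfiltration tooling, keyed by file name.
EXFIL_TOOLS = {"rclone.exe": "RClone", "winscp.exe": "WinSCP", "filezilla.exe": "FileZilla"}

# Hypothetical allow-list: hosts where interactive WinSCP/FileZilla use is expected.
KNOWN_TRANSFER_HOSTS = {"fileadmin01"}

# An rclone transfer verb followed later by a "remote:path" argument. Requiring two or
# more characters before the colon keeps Windows drive paths such as C:\... from matching.
RCLONE_TRANSFER = re.compile(r"\b(?:copy|copyto|sync|move)\b.*?\s(?![A-Za-z]:)[\w-]{2,}:\S*", re.I)


def classify(event):
    """Return (severity, reason) for one event, or None when it looks benign."""
    image = PureWindowsPath(event["Image"]).name.lower()
    original = event.get("OriginalFileName", "").lower()
    cmd = event.get("CommandLine", "")
    host = event["Computer"].lower()

    # A known tool whose on-disk name differs from its PE original name was renamed.
    if original in EXFIL_TOOLS and original != image:
        return ("high", f"{EXFIL_TOOLS[original]} binary renamed to {image}")
    # rclone syntax with a configured remote, regardless of what the binary is called.
    if RCLONE_TRANSFER.search(cmd):
        return ("high", "rclone-style transfer to a configured remote")
    # Plain execution of a transfer tool is only interesting off the allow-listed hosts.
    if image in EXFIL_TOOLS:
        if host in KNOWN_TRANSFER_HOSTS:
            return None
        return ("medium", f"{EXFIL_TOOLS[image]} executed on a host not expected to transfer files")
    return None


def detect(events):
    """Run classify() over a batch of events and return the findings in input order."""
    findings = []
    for ev in events:
        hit = classify(ev)
        if hit:
            severity, reason = hit
            findings.append({"host": ev["Computer"], "user": ev["User"], "image": ev["Image"],
                             "severity": severity, "reason": reason})
    return findings


# Constructed sample events (hypothetical hosts, users and paths).
SAMPLE_EVENTS = [
    {"Computer": "lab-fs01", "User": "CORP\\svc_backup", "OriginalFileName": "rclone.exe",
     "Image": r"C:\Windows\Temp\rclone.exe",
     "CommandLine": r'C:\Windows\Temp\rclone.exe copy "D:\Shares\Oncology" mega:dump --transfers 8'},
    {"Computer": "lab-fs02", "User": "CORP\\jdoe", "OriginalFileName": "rclone.exe",
     "Image": r"C:\ProgramData\svchost.exe",
     "CommandLine": r"svchost.exe sync D:\LabData remote:out"},
    {"Computer": "fileadmin01", "User": "CORP\\fileadmin", "OriginalFileName": "winscp.exe",
     "Image": r"C:\Program Files\WinSCP\WinSCP.exe", "CommandLine": r'"C:\Program Files\WinSCP\WinSCP.exe"'},
    {"Computer": "lab-ws03", "User": "CORP\\bob", "OriginalFileName": "Cmd.Exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c copy C:\Users\bob\a.txt D:\backup\a.txt"},
    {"Computer": "lab-ws07", "User": "CORP\\svc_backup", "OriginalFileName": "winscp.exe",
     "Image": r"C:\Program Files\WinSCP\WinSCP.exe", "CommandLine": r'"C:\Program Files\WinSCP\WinSCP.exe"'},
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['host']} {f['user']} {f['image']}: {f['reason']}")
```

The renamed-binary check matters more than the name match: operators who drop rclone.exe as svchost.exe defeat a file-name rule but not the PE original name that Sysmon records. The local `copy` on lab-ws03 is deliberately included to show that a Windows drive path does not trigger the remote-spec pattern.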


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, the groups behind them and their victims. Given how lucrative ransomware has been for threat actors so far, it has become the most ubiquitous and the most financially and informationally damaging cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.