SWISS CZ s.r.o. Hit by Akira Ransomware Stealing 15GB Data

Incident Date: September 5, 2024

Overview

Victim: SWISS CZ s.r.o.

Attacker: Akira

Location: Olomouc, Czechia

First Reported: September 5, 2024

Ransomware Attack on SWISS CZ s.r.o. by Akira Group

SWISS CZ s.r.o., a Czech Republic-based company specializing in the repair and maintenance of electronic and precision equipment, has fallen victim to a ransomware attack by the notorious Akira group. The attack has resulted in the exfiltration of approximately 15GB of sensitive data, including accounting records and employee information.

Company Overview

SWISS CZ s.r.o. operates within the Business Services sector, focusing on the repair and maintenance of electronic devices and precision instruments. The company plays a crucial role in ensuring the operational efficiency of electronic equipment across various industries, thereby reducing downtime and enhancing productivity. Despite its significant contributions, detailed information about the company's size and revenue remains sparse.

Attack Overview

The ransomware attack on SWISS CZ s.r.o. was executed by the Akira group, which has claimed responsibility via its dark web leak site. The attackers have threatened to upload the stolen data, posing a significant data security challenge for the company and its parent organization, ELKO GROUP, which has an annual turnover exceeding 2.2 billion USD.

About Akira Ransomware Group

Akira emerged in March 2023 and has quickly become a significant threat in the cybersecurity landscape. The group employs a double-extortion model, encrypting data and threatening to publish stolen information if ransoms are not paid. Akira's ransomware is known for appending the .akira extension to encrypted files and has been linked to over 250 attacks, resulting in approximately $42 million in ransom payments.

Penetration and Vulnerabilities

Akira typically gains initial access through compromised credentials, exploitation of vulnerabilities in public-facing services, or phishing attacks. The group is known for targeting weak multi-factor authentication (MFA) and vulnerabilities in VPNs, particularly Cisco devices. Once inside the network, Akira uses RDP, PowerShell, and credential dumping tools to move through the environment and exfiltrate data before encryption.

SWISS CZ s.r.o.'s reliance on electronic equipment and precision instruments makes it a prime target for ransomware groups like Akira. The company's critical role in maintaining operational efficiency for various industries underscores the potential impact of such an attack.
