The Impact of Akira Ransomware on M2E Consulting Engineers: A Closer Look
Incident Date: May 6, 2024
Overview
Title: The Impact of Akira Ransomware on M2E Consulting Engineers: A Closer Look
Victim: M2E Consulting Engineers
Attacker: Akira
Location:
First Reported: May 6, 2024
Ransomware Attack on M2E Consulting Engineers by Akira Group
Company Profile: M2E Consulting Engineers
M2E Consulting Engineers, established in 2005 and headquartered in Miami, is a prominent player in the engineering sector, particularly known for its multi-disciplinary approach covering civil, structural, MEP, and forensic engineering. With offices across Florida, including Miami, Fort Lauderdale, Palm Beach, and Orlando, M2E serves a diverse clientele ranging from property managers to construction companies and developers. The firm is celebrated for its commitment to delivering innovative and technically sound engineering solutions, earning accolades such as "Best in Business" by Inc. Magazine and "Top 25 Engineering Firm" by the South Florida Business Journal.
Details of the Ransomware Attack
The Akira ransomware group, known for its affiliation with the defunct Conti ransomware gang, has recently targeted M2E Consulting Engineers. Utilizing sophisticated double extortion tactics, Akira compromised the firm's systems, encrypting data and threatening to leak sensitive information unless a ransom is paid. This attack jeopardizes not only the firm's operational integrity but also the confidentiality of critical client and project data.
Vulnerabilities and Potential Entry Points
The firm's extensive digital footprint and reliance on interconnected systems for project management and client communication might have exposed it to increased cybersecurity risks. Akira's known methods of attack include exploiting VPN vulnerabilities, credential theft, and lateral movement within the network, which suggests possible vectors used in this incident. The firm's high-profile status and data-rich environment make it an attractive target for ransomware operators seeking substantial payouts.
Distinctive Tactics of Akira Ransomware Group
Akira distinguishes itself through a unique modus operandi that includes a retro-style command interface on its leak site and a preference for targeting Linux-based VMware ESXi virtual machines alongside Windows systems. The group's rapid adaptation to different technological environments and its aggressive expansion indicate a highly capable and evolving threat actor within the cybersecurity landscape.