The Akira ransomware group claims to have breached a shiny new list of corporate victims. Not one of the 11 companies added to the group’s data leak site is particularly large, but there is indeed a common denominator.
As is usually the case, the threat actor is threatening to release sensitive information if their ransom demands aren’t met.
Akira hasn’t yet posted any data samples on its leak site, signalling its readiness to try negotiating with the targeted companies for a ransom payment first.
Almost all of the alleged victims are US-based companies. One is from Canada, though, and another is headquartered in Switzerland. Cybernews has reached out to some of the companies for comment and will update the article once a reply is received.
Ripe for easy targeting
The allegedly compromised data varies between victims but includes a wide range of sensitive corporate and personal information. The types of data threatened for release include:
- Full names, dates of birth, addresses, emails, and phone numbers
- Social Security numbers, passport, and driver’s license details
- W-9 forms and other tax documents
- Employee and customer personal information
- Medical information, including tests and prescriptions
- Corporate financial data, including audits, invoices, and credit card information
- Confidential contracts, agreements, and Non-Disclosure Agreements
- Aircraft maintenance information
They’re all quite similar, by the way. For instance, Burke Contracting offers construction management services, and Tom Duffy Company specializes in floor covering supplies and installations.
Pawling designs specialty doors, and Bugnard is a Swiss market leader for equipment used in installing electrical and telecommunication networks. In other words, they’re all building or fixing something.
According to NordLayer, a cloud-based network access and security platform, construction companies are attractive targets for hackers because they store valuable financial and client information – the type of data that thieves love to discover.
PwC's 2024 Cyber Threats report found that 76% of cyber-attacks against construction companies are motivated by financial gain, 12% were linked to espionage, and 9% were connected to sabotage.
“Smaller firms in aviation, construction, and manufacturing often overlook cybersecurity, lacking both best practices and employee training in essential cyber hygiene such as regularly updating passwords and avoiding suspicious email links,” said Aras Nazarovas, Cybernews Senior Information Security Researcher.
“This creates an environment where these firms become easy targets for groups like Akira.”
"Smaller firms in aviation, construction, and manufacturing often overlook cybersecurity, lacking both best practices and employee training in essential cyber hygiene,"
Aras Nazarovas
Nazarovas thinks, though, that most of the companies were likely not directly targeted by the ransomware gang.
“They were rather some of the easiest to exploit software vulnerabilities, leaked credentials, and social engineering techniques against,” he said.
What is Akira?
The Akira ransomware gang emerged in 2023. It operates as a ransomware-as-a-service (RaaS), where affiliates use the Akira malware to encrypt the data of victim organizations. They then demand a ransom in exchange for a decryption key.
In less than three years, Akira has grown into one of the most productive cybercrime rings globally, prompting the world’s leading law enforcement agencies to issue a cybersecurity advisory against the group last year.
The Japanese automaker Nissan was among Akira’s largest victims in 2023, with about 100,000 people impacted by the December 2023 breach. Stanford University and Nassau Bay, a city in Texas, were among other victims it claimed.
Akira, named after a Japanese cyberpunk manga, is known for its multi-extortion tactics. The gang consistently demands ransom payments ranging from $200,000 to $4 million and publishes data online if payment is not fulfilled.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked