City in Texas attacked by Akira ransomware gang

Nassau Bay has admitted to having suffered a ransomware attack, leaving more than 8,000 affected.

In a notice to affected clients on November 22nd, Nassau Bay officials explained that there had been a “data security incident that caused the encryption of certain systems and files.”

According to the officials, the attack happened on May 23rd, 2023. An internal investigation showed that “the unauthorized party removed a number of files” from their network, including financial account numbers and credit/debit card numbers in combination with security codes, access codes, passwords, and PINs for the accounts.

Nassau Bay is a city in Harris County, Texas, with a population of 5,347. The Office of the Maine Attorney General states that 8,839 people were affected by the attack. Free credit monitoring and identity theft protection services have not been offered to those affected.

“We have no evidence of financial fraud or identity theft related to this data,” claimed Nathan Burd, a Nassau Bay City Manager.

While the notice to the affected residents does not identify who’s responsible for the attack, it was allegedly carried out by a threat actor named Akira. The ransomware gang has listed a 45GB-strong dataset on its DarkNet leak site that allegedly belongs to Nassau Bay.

Akira leak site
Akira leak site on DarkNet

“Nassau Bay is an incomparable community at the leading edge of technology. But being on the edge is dangerous sometimes. The city government says that they don’t have evidence that the personal information has been compromised. We are willing to provide some evidence,” wrote Akira on their leak site.

The gang earlier this month listed Stanford University as the target of a ransomware attack threatening to leak online 430GB of internal data. The university has since confirmed the cybersecurity incident.

Dozens of attacks in the US and Canada

Akira, a ransomware group discovered in March 2023, takes its name from a Japanese cyberpunk manga. According to Ransomlooker, a Cybernews tool that monitors the dark web, in its short existence, Akira has already listed 45 victims, carrying out numerous attacks on organizations in the United States and Canada.

The group follows a consistent modus operandi, demanding ransom payments ranging from $200,000 to $4 million. If these demands are not met, they resort to publishing compromised data online.

In July 2023, researchers at Avast, a cybersecurity firm, released a decryptor for the Akira ransomware used in several incidents. However, it only combats the Windows version of the ransomware. Akira also targets Linux-based systems with a specifically developed strain of malware.