Akira Group Ransomware Attack on Reinhold Sign Service

Incident Date: Jun 07, 2024

Attack Overview
Victim: Reinhold Sign Service
Industry: Business Services
Location: USA
Attacker: Akira
First Reported: June 7, 2024

Ransomware Attack on Reinhold Sign Service by Akira Group

Overview of Reinhold Sign Service

Founded in 1954, Reinhold Sign Service, Inc. is a family-owned business based in Green Bay, Wisconsin. Specializing in the design, fabrication, installation, and maintenance of custom signage, the company serves a diverse range of industries including retail, corporate, healthcare, and hospitality. With a team of 11 employees, Reinhold Sign Service is known for its high-quality sign products and advanced manufacturing techniques.

Details of the Ransomware Attack

The Akira ransomware group has claimed responsibility for an attack on Reinhold Sign Service. The group announced on their dark web leak site that they have exfiltrated financial and accounting data, drawings, and some client information from the company. Akira has threatened to upload these files soon, leveraging their double extortion tactics to pressure the victim into paying a ransom.

About the Akira Ransomware Group

Emerging in March 2023, Akira is a rapidly growing ransomware family. The group targets small to medium-sized businesses across various sectors, including government, manufacturing, and technology. Akira is known for its double extortion tactics, where they steal data before encrypting systems and demand a ransom for both decryption and data deletion. The group uses a unique dark web leak site with a retro 1980s-style interface and has been linked to the now-defunct Conti ransomware gang.

Potential Vulnerabilities and Penetration Methods

Like many small to medium-sized businesses, Reinhold Sign Service may have vulnerabilities that make it an attractive target for ransomware groups. Akira typically gains unauthorized access through VPNs and credential theft, then moves laterally within the network. The group uses tools like RClone, FileZilla, and WinSCP for data exfiltration. Its ability to target both Windows systems and Linux-based VMware ESXi virtual machines further broadens its reach.
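
For defenders, the exfiltration tools named above can be hunted in process-creation logs. The following is an added example, not part of the original report: it assumes Sysmon-style events with Image, OriginalFileName and CommandLine fields, and the sample events, host names and severity labels are constructed for illustration.

```python
import re

# Exfiltration tools named in the passage above, keyed by lowercase binary name.
EXFIL_TOOLS = {"rclone.exe": "RClone", "filezilla.exe": "FileZilla",
               "winscp.exe": "WinSCP"}
# An rclone transfer verb followed by a "remote:path" argument
# (two or more characters before the colon, so drive letters do not match).
RCLONE_TRANSFER = re.compile(r"\b(copy|sync|move)\b.*\s[\w.-]{2,}:\S*", re.I)

def basename(path):
    """Lowercased file name from a Windows or POSIX path."""
    return re.split(r"[\\/]", path or "")[-1].lower()

def classify(event):
    """Return a finding for one process-creation event, or None."""
    image = basename(event.get("Image"))
    original = basename(event.get("OriginalFileName"))
    # Prefer the name embedded in the binary: it survives a file rename.
    tool = EXFIL_TOOLS.get(original) or EXFIL_TOOLS.get(image)
    if tool is None:
        return None
    reasons = [f"{tool} executed"]
    if original in EXFIL_TOOLS and image != original:
        reasons.append(f"binary renamed to {image}")
    if tool == "RClone" and RCLONE_TRANSFER.search(event.get("CommandLine", "")):
        reasons.append("transfer to a remote")
    severity = "high" if len(reasons) > 1 else "medium"
    return {"host": event.get("Computer"), "tool": tool,
            "severity": severity, "reasons": reasons}

def scan(events):
    """Classify every event and keep only the findings."""
    return [f for f in map(classify, events) if f]

# Constructed sample events (not from the incident); field names assume
# Sysmon-style process-creation logging.
SAMPLE_EVENTS = [
    {"Computer": "FS01", "Image": r"C:\Users\Public\svchost.exe",
     "OriginalFileName": "rclone.exe",
     "CommandLine": r"svchost.exe copy \\FS01\Finance remote:backup --transfers 16"},
    {"Computer": "WS07", "Image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe",
     "OriginalFileName": "winscp.exe", "CommandLine": "WinSCP.exe"},
    {"Computer": "WS07", "Image": r"C:\Windows\System32\notepad.exe",
     "OriginalFileName": "NOTEPAD.EXE", "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Legitimate administrative use of these tools is common, so a "medium" finding is a prompt to check the user, host and destination rather than a verdict.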
