Akira Group Strikes E-T-A Elektrotechnische Apparate GmbH

Incident Date: Jun 05, 2024

Attack Overview

VICTIM

E-T-A Elektrotechnische Apparate GmbH

INDUSTRY

Manufacturing

LOCATION

Germany

ATTACKER

Akira

FIRST REPORTED

June 5, 2024

Request Removal

Ransomware Attack on E-T-A Elektrotechnische Apparate GmbH by Akira Group

Overview of E-T-A Elektrotechnische Apparate GmbH

Founded in 1948, E-T-A Elektrotechnische Apparate GmbH is a German company specializing in circuit protection and power management solutions. With a significant global presence, the company operates six production facilities and has subsidiaries in over 60 countries. E-T-A is renowned for its high-quality circuit breakers, electronic relays, power distribution modules, and advanced control systems, serving industries such as automotive, aerospace, telecommunications, and industrial automation.

Details of the Ransomware Attack

The Akira ransomware group has claimed responsibility for a cyberattack on E-T-A Elektrotechnische Apparate GmbH. According to Akira, they have exfiltrated 24 gigabytes of sensitive data, including customer information, non-disclosure agreements, financial records, and employee personal information. A screenshot purportedly showing the stolen data was posted on Akira's dark web leak site. Despite these claims, E-T-A's official website remains operational, and the company has not yet confirmed or denied the attack.

About the Akira Ransomware Group

Emerging in March 2023, Akira is a relatively new ransomware group known for targeting small to medium-sized businesses across various sectors, including manufacturing, technology, and telecommunications. Akira employs double extortion tactics, stealing data before encrypting systems and demanding ransoms ranging from $200,000 to over $4 million. The group is believed to have ties to the defunct Conti ransomware gang, sharing similar code and tactics.

Potential Vulnerabilities and Attack Vectors

Akira's attack methods include unauthorized access to VPNs, credential theft, and lateral movement within networks. They use tools like RClone, FileZilla, and WinSCP for data exfiltration. The group's ability to target both Windows and Linux-based VMware ESXi virtual machines highlights their adaptability and sophistication. E-T-A's extensive global operations and reliance on digital systems for manufacturing and distribution may have made them a lucrative target for Akira.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.