Ransomware Attack on Reading Electric by Akira

Victim Overview

Reading Electric, a company acquired by Bearing & Drive Solutions (BDS) in 2018, specializes in providing electromechanical products and services for industrial and commercial systems in the Manufacturing sector. Utilizing JavaScript, their offerings include crucial electro-mechanical products necessary for efficient system functioning. Their services encompass a wide array of electrical services and repairs, including AC & DC Electric Motors, Commercial Generator Installation & Monitoring, Gearbox Repair, Machine Shop Services, and Emergency Electrical Services & Repair, catering to the diverse needs of industrial and commercial clients.

Ransomware Attack Details

The cybercriminal group, Akira, targeted the website of Reading Electric using a ransomware attack. The attack resulted in the exfiltration of 82 GB of data, including personal documents, confidential agreements, contracts, and financial data, posing a severe threat to the security and privacy of Reading Electric's sensitive information.

Akira Ransomware Group

Akira is a rapidly growing ransomware family that targets small to medium-sized businesses across various sectors. The group is believed to be affiliated with the now-defunct Conti ransomware gang and employs double extortion tactics, demanding ransom for decryption and data deletion. Akira's ransom demands typically range from $200,000 to over $4 million.

Attack Vector

The group employs unauthorized access to VPNs, credential theft, and lateral movement to deploy ransomware. The group has been observed using tools like RClone, FileZilla, and WinSCP for data exfiltration. In some cases, Akira has deployed a previously unreported backdoor to infiltrate systems.

Sources:

• Reading Electric Website
• Trend Micro - Akira Ransomware
• Sophos - Akira Ransomware
• Tripwire - Akira Ransomware
• Trellix - Akira Ransomware
• IC3 - Ransomware Report