Akira Ransomware Hits Allied Industrial Group: 15GB Data Compromised
Ransomware Attack on Allied Industrial Group by Akira
Overview of Allied Industrial Group
Allied Industrial Group (AIG) is a prominent player in the manufacturing sector, specializing in custom tooling solutions and engineering services. The company operates a 60,000 square foot manufacturing facility equipped with over 60 advanced machines. AIG's offerings include material handling systems, ergonomic lifting solutions, and complete production line setups. Their engineering team, with over 200 years of combined experience, provides services such as reverse engineering, prototype development, material analysis, and design optimization. AIG is committed to quality and safety, ensuring compliance with industry standards and maintaining a proactive approach to workplace safety.
Details of the Ransomware Attack
On July 9, 2024, Allied Industrial Group fell victim to a ransomware attack orchestrated by the Akira ransomware group. Approximately 15GB of data was compromised during the incident, with the specifics of the data and the attackers' demands yet to be disclosed. The company is currently assessing the extent of the intrusion and its potential impact on operations.
About the Akira Ransomware Group
Akira is a rapidly growing ransomware family that emerged in March 2023. The group targets small to medium-sized businesses across various sectors, including manufacturing, government, technology, and education. Akira employs double extortion tactics, stealing data before encrypting systems and demanding ransom for both decryption and data deletion. The group's ransom demands typically range from $200,000 to over $4 million. Akira's dark web leak site features a retro 1980s-style interface, requiring victims to navigate by typing commands.
Penetration and Vulnerabilities
Akira's tactics include unauthorized access to VPNs, credential theft, and lateral movement within networks. They use tools like RClone, FileZilla, and WinSCP for data exfiltration. In some cases, Akira has deployed a previously unreported backdoor. The group's ability to target both Windows systems and Linux-based VMware ESXi virtual machines makes them a versatile and formidable threat. Allied Industrial Group's extensive use of advanced machinery and reliance on digital systems for engineering and production likely made them an attractive target for Akira.
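A detection sketch for the transfer tools named above, added here as an example and not taken from the original article: it scans process-creation events for RClone, FileZilla, and WinSCP, and also flags copies running under a different file name. The field names follow Sysmon Event ID 1; the log lines, host names, and command-line token lists are constructed assumptions.

```python
import json
from pathlib import PureWindowsPath

# Tools named in the article -> command-line tokens suggesting an unattended transfer.
# The token lists are illustrative assumptions, not a complete signature set.
EXFIL_TOOLS = {
    "rclone.exe": {"copy", "sync", "move"},
    "winscp.exe": {"/script", "/command"},
    "winscp.com": {"/script", "/command"},
    "filezilla.exe": set(),
}

# Constructed sample events (Sysmon Event ID 1 field names, invented values).
SAMPLE_LOG = r'''
{"Host":"eng-ws-01","Image":"C:\\Program Files (x86)\\WinSCP\\WinSCP.exe","OriginalFileName":"winscp.exe","CommandLine":"WinSCP.exe"}
{"Host":"fs-02","Image":"C:\\ProgramData\\backup-agent.exe","OriginalFileName":"rclone.exe","CommandLine":"backup-agent.exe copy D:\\Shares remote:bkp"}
{"Host":"hr-07","Image":"C:\\Windows\\System32\\notepad.exe","OriginalFileName":"NOTEPAD.EXE","CommandLine":"notepad.exe"}
'''

def classify(event):
    """Return (tool, reasons) for a process-creation event, or None if no tool matches."""
    image = PureWindowsPath(event.get("Image", "")).name.lower()
    original = event.get("OriginalFileName", "").lower()
    # Prefer the on-disk name; fall back to PE metadata to catch renamed copies.
    tool = image if image in EXFIL_TOOLS else original if original in EXFIL_TOOLS else None
    if tool is None:
        return None
    reasons = []
    if image != tool:
        reasons.append("renamed binary")
    args = event.get("CommandLine", "").lower().split()[1:]
    if any(a.split("=")[0] in EXFIL_TOOLS[tool] for a in args):
        reasons.append("scripted transfer")
    return tool, reasons

def scan(log_text):
    """Parse JSON-lines events and return (host, tool, reasons) for each hit."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        hit = classify(event)
        if hit:
            findings.append((event.get("Host", "?"), *hit))
    return findings

if __name__ == "__main__":
    for host, tool, reasons in scan(SAMPLE_LOG):
        print(host, tool, ", ".join(reasons) or "interactive use, review in context")
```

A hit with no reasons is ordinary interactive use of a legitimate admin tool and needs context (host role, user, time) before it means anything.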