Cellular Plus Hit by Akira Ransomware Compromising Sensitive Data

Incident Date: Sep 05, 2024

Attack Overview
Victim: Cellular Plus
Industry: Telecommunications
Location: USA
Attacker: Akira
First Reported: September 5, 2024

Ransomware Attack on Cellular Plus by Akira Group

Cellular Plus, a prominent Verizon Wireless Authorized Retailer, has recently been targeted by the notorious ransomware group Akira. This attack has compromised a substantial amount of sensitive data, significantly impacting the company's operations and data security.

About Cellular Plus

Founded in 1998 by Adam Kimmet, Cellular Plus operates primarily in the telecommunications sector, focusing on providing personalized customer service and expertise in wireless communication solutions. The company offers a wide range of Verizon products and services, including smartphones, plans, and accessories, catering to both individual and business needs. With over 20 years of experience, Cellular Plus has built a reputation for problem-solving and fast service, ensuring customer satisfaction.

Attack Overview

The ransomware attack orchestrated by Akira has resulted in the compromise of sensitive information, including personal data of 270 employees, accounting and financial records, and certain client files. Additionally, operating system files have been affected. The attackers have threatened to upload the stolen data after Cellular Plus refused to comply with their demands, highlighting the severe impact on the company's operations and data security.

About Akira Ransomware Group

Akira is a ransomware group that emerged in March 2023, quickly establishing itself as a significant threat in the cybersecurity landscape. The group employs a double-extortion model, involving both data encryption and data theft. Akira typically appends the .akira extension to encrypted files and has been associated with tactics similar to those used by the notorious Conti ransomware group. The group targets both Windows and Linux systems, often gaining initial access through compromised credentials, exploiting vulnerabilities in public-facing services, or via phishing attacks.

Penetration and Impact

Akira's penetration into Cellular Plus's systems likely involved exploiting weak multi-factor authentication and known vulnerabilities in VPNs, particularly targeting Cisco devices. The ransomware uses a combination of ChaCha20 and RSA algorithms for file encryption, while also deleting shadow copies to hinder recovery efforts. The extensive data exfiltration and encryption underscore the severe impact on Cellular Plus's operations and data security.
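A defender-side sketch of the two host behaviours described above, added here as an example and not taken from the original report or from any vendor tooling: it flags hosts where a shadow-copy deletion command line appears close in time to files being written with the .akira extension. The event tuple format, host names, time window and file-count threshold are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Command lines that delete Volume Shadow Copies. The report does not say which
# utility was used, so several common ones are covered (assumption).
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows"
    r"|wmic(\.exe)?\s+shadowcopy\s+delete"
    r"|win32_shadowcopy.*(remove-wmiobject|remove-ciminstance|\.delete\(\))",
    re.IGNORECASE,
)
AKIRA_EXT = ".akira"
WINDOW = timedelta(minutes=10)  # assumed correlation window
MIN_FILES = 3                   # assumed threshold for a rename burst

# Constructed sample events: (host, ISO timestamp, kind, detail). Not real telemetry.
EVENTS = [
    ("HOST-A", "2024-01-01T10:00:00", "process", 'powershell.exe -c "Get-WmiObject Win32_Shadowcopy | Remove-WmiObject"'),
    ("HOST-A", "2024-01-01T10:02:10", "file", r"C:\Finance\ledger.xlsx.akira"),
    ("HOST-A", "2024-01-01T10:02:11", "file", r"C:\Finance\payroll.csv.akira"),
    ("HOST-A", "2024-01-01T10:02:13", "file", r"C:\HR\staff.docx.akira"),
    ("HOST-B", "2024-01-01T11:00:00", "process", "vssadmin list shadows"),
    ("HOST-B", "2024-01-01T11:05:00", "file", r"D:\Anime\notes.akira"),
    ("HOST-C", "2024-01-01T12:00:00", "process", "vssadmin.exe delete shadows /all /quiet"),
]

def detect(events, window=WINDOW, min_files=MIN_FILES):
    """Return {host: severity} from process and file events."""
    shadow, files = defaultdict(list), defaultdict(list)
    for host, ts, kind, detail in events:
        t = datetime.fromisoformat(ts)
        if kind == "process" and SHADOW_DELETE.search(detail):
            shadow[host].append(t)
        elif kind == "file" and detail.lower().endswith(AKIRA_EXT):
            files[host].append(t)
    alerts = {}
    for host in set(shadow) | set(files):
        near = any(abs(f - s) <= window for s in shadow[host] for f in files[host])
        if near and len(files[host]) >= min_files:
            alerts[host] = "critical"  # recovery inhibition plus encryption burst
        elif shadow[host]:
            alerts[host] = "high"      # shadow copies deleted, no encryption seen yet
        elif len(files[host]) >= min_files:
            alerts[host] = "medium"    # extension burst without the deletion event
    return alerts

if __name__ == "__main__":
    print(detect(EVENTS))
```

A single file ending in .akira or a read-only `vssadmin list shadows` does not alert, which keeps the rule from firing on routine activity.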
