Electroalfa Hit by Akira Ransomware: 10GB Data Stolen
Ransomware Attack on Electroalfa by Akira Group
Overview of Electroalfa
Electroalfa, a prominent Romanian company, operates in the manufacturing sector with a specialization in electrical engineering. The company is divided into three primary business units: Electrical Equipment, Steel Fabricated Parts, and EPC (Engineering, Procurement, and Construction) Contractor services. Electroalfa is known for its commitment to quality and innovation, which has established it as a significant player in the industry. The company employs a substantial workforce and has multiple factories and sales branches, although specific figures are not disclosed.
Details of the Attack
Electroalfa has recently fallen victim to a ransomware attack attributed to the Akira ransomware group. The attackers have reportedly exfiltrated about 10 GB of data, including project information, client details, and personal information of employees. Consistent with Akira's double-extortion model, the stolen data is leverage for the ransom demand independent of whether systems were encrypted; exposure of employee and client records also creates notification obligations and downstream phishing risk for the people named in them. No public details are available on the initial access vector or on which systems were affected.
About the Akira Ransomware Group
Akira is a rapidly growing ransomware family that first emerged in March 2023. The group targets small to medium-sized businesses across various sectors, including manufacturing, government, technology, and more. Akira is believed to be affiliated with the now-defunct Conti ransomware gang, sharing similarities in their code. The group employs double extortion tactics, stealing data before encrypting systems and demanding a ransom for both decryption and data deletion. Their ransom demands typically range from $200,000 to over $4 million.
Distinguishing Features of Akira
Akira's dark web leak site features a retro 1980s-style green-on-black interface, requiring visitors to navigate by typing commands. The group typically gains initial access through compromised VPN credentials, then uses credential theft and lateral movement to stage and deploy the ransomware. Tools like RClone, FileZilla, and WinSCP are used for data exfiltration. In some cases, Akira has deployed a previously unreported backdoor. As of January 2024, Akira had claimed over 250 victims and approximately $42 million in ransomware proceeds.
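Because Akira stages data out with legitimate transfer utilities, a practical detection is to watch process-creation telemetry for those tools, including copies that have been renamed to blend in. The following is an added example, not Halcyon's code and not drawn from the Electroalfa incident: it runs a small rule over constructed Sysmon Event ID 1-style events (field names Image, OriginalFileName, CommandLine, User), matching on the PE OriginalFileName so a renamed rclone.exe is still caught, and separately on rclone's `copy`/`sync`/`move` syntax with a remote target. The user names, paths and remote name in the sample events are made up.

```python
import ntpath
import re

# Exfiltration tools named in public Akira reporting. Matching on the PE
# OriginalFileName (from the binary's version resource, as Sysmon/EDR record
# it) rather than on the on-disk name catches renamed copies.
EXFIL_TOOL_NAMES = {"rclone.exe", "winscp.exe", "filezilla.exe"}

# rclone invocation that pushes data to a configured remote, e.g.
# "rclone copy D:\Projects mega:backup". Remote names end in a colon and
# are not a bare Windows drive letter, which the negative lookahead excludes.
RCLONE_PUSH_RE = re.compile(
    r"\b(copy|sync|move|copyto|moveto)\b.*\s(?![A-Za-z]:\\)[A-Za-z0-9_-]+:",
    re.IGNORECASE,
)

# Constructed sample events (not real telemetry): one benign service, one
# renamed rclone pushing a project share to a cloud remote, one interactive
# WinSCP session, one browser process.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe", "OriginalFileName": "svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs", "User": r"NT AUTHORITY\SYSTEM"},
    {"Image": r"C:\Users\Public\svchost.exe", "OriginalFileName": "rclone.exe",
     "CommandLine": r"C:\Users\Public\svchost.exe copy D:\Projects mega:backup --transfers 32",
     "User": r"CORP\svc_backup"},
    {"Image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe", "OriginalFileName": "WinSCP.exe",
     "CommandLine": r'"C:\Program Files (x86)\WinSCP\WinSCP.exe" /console /script=C:\Temp\up.txt',
     "User": r"CORP\jdoe"},
    {"Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "OriginalFileName": "chrome.exe",
     "CommandLine": "chrome.exe --type=renderer", "User": r"CORP\jdoe"},
]


def detect_exfil_tools(events):
    """Return one finding per process-creation event that looks like
    exfiltration tooling, with the reasons it fired. Events are dicts using
    Sysmon Event ID 1 field names; missing fields are treated as empty."""
    findings = []
    for ev in events:
        image = ntpath.basename(ev.get("Image", "")).lower()
        original = ev.get("OriginalFileName", "").lower()
        cmdline = ev.get("CommandLine", "")
        reasons = []

        if original in EXFIL_TOOL_NAMES:
            reasons.append(f"known exfiltration tool ({original})")
            # A known tool whose on-disk name differs from its PE name was
            # renamed, which is itself suspicious.
            if image != original:
                reasons.append(f"binary renamed to {image}")

        if RCLONE_PUSH_RE.search(cmdline):
            reasons.append("rclone-style push to a remote in command line")

        if reasons:
            findings.append({"image": ev.get("Image"), "user": ev.get("User"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in detect_exfil_tools(SAMPLE_EVENTS):
        print(f["user"], f["image"])
        for r in f["reasons"]:
            print("  -", r)
```

On the sample data the rule flags the renamed rclone process (known tool, renamed, push syntax) and the WinSCP session (known tool only); the service host and browser pass. In production, the single-reason WinSCP hit is a triage item rather than an alert: combine it with the tool's expected user population, install path and outbound destination before paging anyone, and treat a renamed binary or an rclone push from a non-admin account as high confidence.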
Potential Vulnerabilities and Penetration Methods
How Akira entered Electroalfa's network has not been disclosed. Based on the group's documented tradecraft, the most likely vector is initial access through a VPN service, often one without multi-factor authentication, using stolen or brute-forced credentials, followed by credential theft and lateral movement to reach file shares and staging hosts (this is the pattern described in the joint CISA/FBI advisory on Akira). Note that Akira's victim profile is predominantly small and medium-sized organizations, so the company's size is not a meaningful explanation for the compromise. For manufacturers with a similar footprint the practical controls are MFA on every remote-access path, prompt patching of internet-facing VPN and firewall appliances, monitoring for the bulk-transfer tools Akira uses to exfiltrate data, and offline or immutable backups so that encryption alone cannot force a payment.