Imetame Group Hit by Major Akira Ransomware Attack
Imetame Group Falls Victim to Akira Ransomware Attack
Imetame Group, a diversified Brazilian company with operations spanning metalworking, ornamental stones, port services, energy, and oil & gas, has recently been targeted by the notorious Akira ransomware group. The attack has resulted in the exfiltration of approximately 20 GB of highly sensitive data, including personal employee information, client data, project details, contact information, and financial files.
About Imetame Group
Established in 1980, Imetame Group has grown into a significant player in various industries. The company operates through several key sectors, including metalworking, ornamental stones, port operations, and energy. Imetame is known for its commitment to sustainable practices and socio-environmental responsibility, which is reflected in its business operations and community initiatives. The company’s extensive portfolio and diversified operations make it a standout in the Brazilian industrial landscape.
Attack Overview
The Akira ransomware group has claimed responsibility for the attack on Imetame Group via their dark web leak site. The breach has exposed detailed personal data of employees, including scans, as well as client data, project details, contact information, and financial files. The scope of the leaked data underscores the extensive operational footprint of Imetame Group across multiple industries, highlighting the potential for significant operational and reputational damage.
About Akira Ransomware Group
Akira is a ransomware group that emerged in March 2023 and has quickly established itself as a significant threat in the cybersecurity landscape. The group employs a double-extortion model, involving both data encryption and data theft. Akira ransomware typically appends the .akira extension to encrypted files and has been linked to over 250 attacks, resulting in approximately $42 million in ransom payments. The group is known for targeting organizations in various sectors, including manufacturing, education, finance, and healthcare.
Penetration and Vulnerabilities
Akira ransomware is capable of targeting both Windows and Linux systems, including VMware ESXi virtual machines. Initial access is often gained through compromised credentials, exploiting vulnerabilities in public-facing services, or via phishing attacks. In the case of Imetame Group, the ransomware group likely exploited weak multi-factor authentication (MFA) and known vulnerabilities in VPNs, particularly targeting Cisco devices. The attackers then used tools like RDP, PowerShell, and credential dumping tools to navigate through the network, exfiltrating data before encryption.
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!