Ransomware Attack Hits North Georgia Brick Co., Inc., Data Compromised
Ransomware Attack on North Georgia Brick Co., Inc. by Akira Group
North Georgia Brick Co., Inc., a leading brick distributor based in Cumming, Georgia, has recently fallen victim to a ransomware attack orchestrated by the Akira ransomware group. The attack, which was disclosed on Akira's dark web leak site, has compromised 10 GB of sensitive data, including employee documents, contracts, and detailed financial information.
Company Overview
Established in 1982, North Georgia Brick Co., Inc. has grown to become the largest distributor of brick in Georgia, serving a wide range of clients, including builders, contractors, and masons. The company offers a diverse selection of building materials, such as bricks, pavers, and stone veneer, emphasizing the ecological benefits of brick as a durable, energy-efficient, and low-maintenance building material. With multiple showrooms across Georgia, North Georgia Brick provides comprehensive services, including brick masonry and stone installation, positioning itself as a one-stop solution for construction needs.
Attack Overview
The Akira ransomware group claims to have infiltrated North Georgia Brick's systems, exfiltrating 10 GB of sensitive data. The compromised data includes employee documents, contracts, and detailed accounting and financial information. This breach poses significant risks to the company's operations and the privacy of its employees and business partners. The attack highlights the vulnerabilities that even well-established companies in the construction sector can face from sophisticated ransomware groups.
About the Akira Ransomware Group
Akira is a relatively new ransomware family that emerged in March 2023. The group has rapidly gained notoriety for targeting small to medium-sized businesses across various sectors, including government, manufacturing, technology, and construction. Akira employs double extortion tactics, stealing data before encrypting systems and demanding a ransom for both decryption and data deletion. The group's ransom demands typically range from $200,000 to over $4 million. Akira's dark web leak site features a retro 1980s-style interface, requiring victims to navigate by typing commands.
Penetration Tactics
Akira's operators are known for using unauthorized access to VPNs, credential theft, and lateral movement to deploy ransomware. They have also been observed using tools like RClone, FileZilla, and WinSCP for data exfiltration. In some cases, Akira has deployed a previously unreported backdoor to maintain persistent access to compromised systems. The group's ability to adapt and evolve its tactics makes it a formidable threat to organizations across various industries.
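A defender can hunt for the exfiltration tools named above in process-creation telemetry. The following is an added example, not code from the original page or from Halcyon; it assumes events shaped like Sysmon Event ID 1 records (fields Computer, Image, OriginalFileName, CommandLine), assumes each tool's OriginalFileName matches its default file name, and uses constructed sample events.

```python
import re
from collections import defaultdict

# Exfiltration tools named in the paragraph above, keyed by lowercase file name.
EXFIL_TOOLS = {"rclone.exe": "RClone", "winscp.exe": "WinSCP",
               "winscp.com": "WinSCP", "filezilla.exe": "FileZilla"}

# Heuristic: an rclone transfer verb followed by a "remote:path" argument.
# A two-character minimum before the colon keeps drive letters (C:) from matching.
RCLONE_TRANSFER = re.compile(r"\b(copy|sync|move)\b.*\s[\w-]{2,}:\S*", re.I)

def classify(event):
    """Return (tool, reason) when a process-creation event matches, else None."""
    image = event.get("Image", "").rsplit("\\", 1)[-1].lower()
    original = event.get("OriginalFileName", "").lower()
    if image in EXFIL_TOOLS:
        return EXFIL_TOOLS[image], "image name"
    if original in EXFIL_TOOLS:  # binary renamed on disk, PE metadata intact
        return EXFIL_TOOLS[original], "renamed binary"
    if RCLONE_TRANSFER.search(event.get("CommandLine", "")):
        return "RClone", "command-line shape"
    return None

def hits_by_host(events):
    """Group matched tool names by the host that ran them."""
    hits = defaultdict(list)
    for event in events:
        match = classify(event)
        if match:
            hits[event["Computer"]].append(match[0])
    return dict(hits)

# Constructed sample events (not taken from the incident described here).
SAMPLE_EVENTS = [
    {"Computer": "FIN-WS01", "Image": r"C:\Users\Public\rclone.exe",
     "OriginalFileName": "rclone.exe",
     "CommandLine": r"rclone.exe copy D:\Finance remote:bucket"},
    {"Computer": "FS01", "Image": r"C:\ProgramData\svchelper.exe",
     "OriginalFileName": "WinSCP.exe",
     "CommandLine": r"svchelper.exe /script=C:\ProgramData\s.txt"},
    {"Computer": "FS01", "Image": r"C:\Windows\System32\Robocopy.exe",
     "OriginalFileName": "robocopy.exe",
     "CommandLine": r"robocopy D:\Finance E:\Backup /MIR"},
    {"Computer": "FS01", "Image": r"C:\Temp\upd.exe", "OriginalFileName": "",
     "CommandLine": r"upd.exe sync \\fs01\contracts archive:drop"},
]

if __name__ == "__main__":
    for host, tools in hits_by_host(SAMPLE_EVENTS).items():
        print(host, tools)
```

These tools also have legitimate administrative uses, so matches are leads to triage against an allowlist of expected hosts and accounts rather than confirmed exfiltration.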
Implications for North Georgia Brick
The ransomware attack on North Georgia Brick Co., Inc. underscores the importance of strong cybersecurity measures, even for companies with a long-standing reputation in their industry. The breach not only threatens the company's operational integrity but also the privacy and trust of its employees and business partners. As the construction sector continues to digitize, companies must remain vigilant against evolving cyber threats.