Ransomware Attack on EDI by Akira Group: Data Breach Details

Incident Date: Jul 25, 2024

Attack Overview

VICTIM: Environmental Design International
INDUSTRY: Construction
LOCATION: USA
ATTACKER: Akira
FIRST REPORTED: July 25, 2024

Ransomware Attack on Environmental Design International Inc. by Akira Group

Overview of Environmental Design International Inc. (EDI)

Environmental Design International Inc. (EDI) is a professional engineering firm based in Chicago, Illinois, established in 1991. With over three decades of experience, EDI has built a reputation for delivering high-quality engineering consulting services across multiple disciplines, including civil engineering, construction engineering, land surveying, environmental consulting, and industrial hygiene. The firm is recognized for its commitment to excellence, innovation, and sustainability, making it a key player in significant infrastructure projects.

Details of the Ransomware Attack

On July 31, 2024, EDI fell victim to a ransomware attack orchestrated by the Akira group. The attack resulted in unauthorized access to, and the potential leak of, 60 GB of sensitive data, including non-disclosure agreements (NDAs), confidential agreements, employees' personal documents, and detailed financial data. This breach poses significant challenges for EDI in securing its data and mitigating the impact of the attack.

About the Akira Ransomware Group

Akira is a rapidly growing ransomware family that first emerged in March 2023. The group targets small to medium-sized businesses across various sectors, including government, manufacturing, technology, education, consulting, pharmaceuticals, and telecommunications. Akira employs double extortion tactics, stealing data before encrypting systems and demanding a ransom for both decryption and data deletion. Their ransom demands typically range from $200,000 to over $4 million.

How Akira Penetrated EDI's Systems

Akira's tactics include unauthorized access through VPNs, credential theft, and lateral movement before deploying the ransomware. The group has been observed using tools such as RClone, FileZilla, and WinSCP for data exfiltration, and in some cases has deployed a previously unreported backdoor. Its ability to adapt and to target both Windows systems and Linux-based VMware ESXi virtual machines makes it a formidable threat to organizations like EDI.
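The exfiltration tooling named above is something defenders can watch for directly. The following is an added example, not part of the Halcyon write-up: it correlates process-creation events for the listed tools with a subsequent large outbound transfer from the same host to a non-RFC1918 address. The log format, the two-hour window, the 5 GiB threshold and the sample events are all constructed assumptions for illustration.

```python
# Added example (not from the Halcyon post): flag hosts where an exfiltration-capable
# tool mentioned in the write-up (rclone, WinSCP, FileZilla) starts and is followed,
# within a time window, by a large outbound transfer to a non-internal address.
import ipaddress
import re
from datetime import datetime, timedelta

EXFIL_TOOLS = {"rclone.exe", "winscp.exe", "filezilla.exe"}
VOLUME_THRESHOLD = 5 * 1024**3          # 5 GiB; assumed tuning value
WINDOW = timedelta(hours=2)             # assumed correlation window
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed EDR-style events, assumed to be in chronological order:
#   "<iso-timestamp> <host> PROCESS <image path>"
#   "<iso-timestamp> <host> NETFLOW <dst_ip> <bytes_out>"
SAMPLE_LOG = """\
2024-07-25T01:02:03 ws-eng-07 PROCESS C:\\Users\\jdoe\\AppData\\Local\\Temp\\rclone.exe
2024-07-25T01:40:10 ws-eng-07 NETFLOW 203.0.113.9 6442450944
2024-07-25T02:00:00 fs-01 PROCESS C:\\Program Files\\WinSCP\\WinSCP.exe
2024-07-25T02:10:00 fs-01 NETFLOW 10.0.4.20 9000000000
2024-07-25T03:00:00 ws-eng-02 NETFLOW 198.51.100.4 7000000000
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (PROCESS|NETFLOW) (.+)$")

def parse(log):
    """Yield (timestamp, host, kind, rest) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)

def is_internal(ip_text):
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETS)

def find_exfil_candidates(log):
    """Return {host: (tool, dst_ip, bytes_out)} for hosts where a listed tool ran
    and, within WINDOW, more than VOLUME_THRESHOLD bytes left for an external IP."""
    tool_starts = {}   # host -> (timestamp, tool image name)
    hits = {}
    for ts, host, kind, rest in parse(log):
        if kind == "PROCESS":
            image = rest.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if image in EXFIL_TOOLS:
                tool_starts[host] = (ts, image)
        elif kind == "NETFLOW" and host in tool_starts:
            dst, nbytes = rest.split()
            started, tool = tool_starts[host]
            if ts - started <= WINDOW and int(nbytes) > VOLUME_THRESHOLD and not is_internal(dst):
                hits[host] = (tool, dst, int(nbytes))
    return hits

if __name__ == "__main__":
    for host, (tool, dst, n) in find_exfil_candidates(SAMPLE_LOG).items():
        print(f"{host}: {tool} followed by {n / 1024**3:.1f} GiB to {dst}")
```

Only ws-eng-07 is flagged: fs-01 sent its data to an internal address, and ws-eng-02 had no listed tool start beforehand.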

EDI's Vulnerabilities

EDI's extensive involvement in high-profile infrastructure projects and its handling of sensitive data make it an attractive target for ransomware groups like Akira. The firm's commitment to innovation and sustainability, while commendable, also necessitates robust cybersecurity measures to protect against sophisticated cyber threats. The breach underscores the importance of continuous vigilance and advanced security protocols in safeguarding critical data.
