Ransomware Attack on Financoop by Akira Group Threatens Sensitive Data

Incident Date: Jul 11, 2024

Attack Overview

VICTIM

Financoop

INDUSTRY

Finance

LOCATION

United Kingdom

ATTACKER

Akira

FIRST REPORTED

July 11, 2024

Request Removal

Ransomware Attack on Financoop by Akira Group

Overview of Financoop

Financoop, officially known as Caja Central Financoop, is a financial institution based in Ecuador, specializing in providing financial products and services to savings and credit cooperatives and mutual savings organizations. Founded in 1999, Financoop operates as a second-tier cooperative financial institution, supporting 138 member cooperatives. The institution is known for its robust financial products, transactional services, and commitment to technological integration and sustainability.

Details of the Attack

Financoop recently fell victim to a ransomware attack orchestrated by the Akira group. The attackers have threatened to release 20GB of sensitive data, including financial information and internal business documents. This breach has significant implications, potentially affecting numerous clients and the integrity of Financoop's operations.

About the Akira Ransomware Group

Akira is a rapidly growing ransomware family that emerged in March 2023. The group targets small to medium-sized businesses across various sectors, including finance, government, and technology. Akira employs double extortion tactics, stealing data before encrypting systems and demanding a ransom for both decryption and data deletion. The group is known for its unique dark web leak site with a retro 1980s-style interface.

Penetration and Vulnerabilities

Akira's tactics include unauthorized access to VPNs, credential theft, and lateral movement to deploy ransomware. They use tools like RClone, FileZilla, and WinSCP for data exfiltration. In some cases, Akira has deployed a previously unreported backdoor. The group's ability to adapt and target a wide range of organizations makes them a significant threat. Financoop's extensive digital integration, while enhancing service delivery, may have also exposed vulnerabilities that Akira exploited.

Implications for Financoop

The attack on Financoop underscores the growing threat of ransomware to financial institutions. The potential release of sensitive financial data could have far-reaching consequences for Financoop's clients and its reputation. As a key player in Ecuador's cooperative financial sector, Financoop's ability to recover and reinforce its cybersecurity measures will be crucial in maintaining trust and stability.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.