Ransomware Attack on Inland Audio Visual by Akira Group Exposes Sensitive Data

Incident Date: Jul 09, 2024

Attack Overview
VICTIM: Inland Audio Visual
INDUSTRY: Business Services
LOCATION: Canada
ATTACKER: Akira
FIRST REPORTED: July 9, 2024

Ransomware Attack on Inland Audio Visual by Akira Group

Overview of Inland Audio Visual

Inland Audio Visual, commonly known as Inland AV, is a leading provider of audiovisual solutions based in Western Canada. Established in 1937, the company has grown to operate five locations across the Canadian Prairies, including Calgary, Edmonton, and Regina. Inland AV specializes in consultation, sales, integration, rentals, and event production services, catering to both corporate and individual clients. The company is renowned for its commitment to quality, customer service, and technological innovation.

Details of the Ransomware Attack

Inland Audio Visual recently fell victim to a ransomware attack orchestrated by the Akira group. The attackers reportedly exfiltrated 10GB of sensitive data, including employee personal files, non-disclosure agreements, contracts, confidential documents, and financial information. This breach has exposed a significant amount of critical and private data, underscoring the severe security challenges faced by the company.

About the Akira Ransomware Group

Akira is a rapidly growing ransomware family that emerged in March 2023. The group targets small to medium-sized businesses across various sectors, including government, manufacturing, technology, education, consulting, pharmaceuticals, and telecommunications. Akira employs double extortion tactics, stealing data before encrypting systems and demanding a ransom for both decryption and data deletion. The group's ransom demands typically range from $200,000 to over $4 million. Akira's dark web leak site features a retro 1980s-style interface, requiring victims to navigate by typing commands.

Penetration and Attack Tactics

Akira's tactics include unauthorized access to VPNs, credential theft, and lateral movement to deploy ransomware. The group uses tools like RClone, FileZilla, and WinSCP for data exfiltration and has been observed deploying a previously unreported backdoor. In April 2023, Akira expanded its operations to target Linux-based VMware ESXi virtual machines in addition to Windows systems. The group's ability to adapt and evolve its tactics makes it a significant threat to organizations.
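
As an added example (not part of the original article or of Halcyon's tooling), the following triage pass flags executions of the exfiltration tools named above in constructed Sysmon-style process-creation records. Field names follow Sysmon Event ID 1; the OriginalFileName values, hosts, users, paths and the `classify`/`triage` helpers are assumptions made for the illustration.

```python
import ntpath

# Tools the article names, keyed by the lower-cased value assumed to appear in
# the Sysmon OriginalFileName field (taken from the PE version resource).
EXFIL_TOOLS = {"rclone.exe": "RClone", "filezilla.exe": "FileZilla", "winscp.exe": "WinSCP"}

# Argument fragments that suggest a scripted or bulk transfer (illustrative only).
TRANSFER_HINTS = (" copy ", " sync ", "/script", "/command", "/synchronize")

# Constructed records shaped like Sysmon Event ID 1 (process creation).
SAMPLE_EVENTS = [
    {"Host": "FS01", "User": r"CORP\svc_backup", "Image": r"C:\ProgramData\tool.exe",
     "OriginalFileName": "rclone.exe", "CommandLine": r"tool.exe copy D:\Shares remote:archive"},
    {"Host": "WS14", "User": r"CORP\j.doe", "Image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe",
     "OriginalFileName": "winscp.exe", "CommandLine": r'"C:\Program Files (x86)\WinSCP\WinSCP.exe"'},
    {"Host": "WS14", "User": r"CORP\j.doe", "Image": r"C:\Windows\System32\notepad.exe",
     "OriginalFileName": "NOTEPAD.EXE", "CommandLine": "notepad.exe"},
    {"Host": "WS22", "User": r"CORP\a.lee", "Image": r"C:\Temp\filezilla.exe",
     "CommandLine": "filezilla.exe"},  # no OriginalFileName: fall back to image name
]


def classify(event):
    """Return a finding dict for a watched tool, or None for anything else."""
    image = ntpath.basename(event["Image"]).lower()
    original = event.get("OriginalFileName", "").lower()
    # Prefer the embedded original name so a renamed copy is still recognised.
    tool = EXFIL_TOOLS.get(original) or EXFIL_TOOLS.get(image)
    if tool is None:
        return None
    reasons = [f"{tool} executed"]
    if original in EXFIL_TOOLS and image != original:
        reasons.append("binary renamed")
    cmd = " " + event.get("CommandLine", "").lower() + " "
    if any(hint in cmd for hint in TRANSFER_HINTS):
        reasons.append("transfer arguments")
    # A bare launch is only worth a review; any extra signal raises it.
    severity = "high" if len(reasons) > 1 else "review"
    return {"host": event["Host"], "user": event["User"], "tool": tool,
            "severity": severity, "reasons": reasons}


def triage(events):
    """Classify every event and keep only the findings."""
    return [f for f in map(classify, events) if f is not None]


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Legitimate administrative use of these tools is common, so findings at the "review" level are best compared against an inventory of hosts and accounts expected to run them.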

Vulnerabilities and Impact

Inland Audio Visual's extensive operations and reliance on advanced audiovisual technologies may have made it an attractive target for the Akira group. The breach has not only compromised sensitive data but also highlighted potential vulnerabilities in the company's cybersecurity measures. The attack serves as a stark reminder of the growing threat posed by sophisticated ransomware groups and the importance of robust cybersecurity defenses.
