Ship Services Faces Ransomware Threat from Akira Group

Incident Date: Nov 20, 2024

Attack Overview

Victim: Ship Services
Industry: Transportation
Location: USA
Attacker: Akira
First Reported: November 20, 2024

Ransomware Attack on Ship Services by Akira Group

On November 21, Ship Services, a prominent player in the maritime services industry, became the latest victim of a ransomware attack orchestrated by the notorious Akira group. This incident underscores the vulnerabilities faced by companies in the transportation sector, particularly those with significant operational dependencies and sensitive data.

About Ship Services

Ship Services is a specialized marine services company with a 40-year history, dedicated to providing comprehensive support to the maritime and offshore industries. With a workforce of 11 to 50 employees, the company offers a range of services, including marine logistics, technical support, and crew management. Their commitment to safety, pollution prevention, and customer satisfaction sets them apart in the competitive marine services market. Despite their Safety Quality Management System, the company’s relatively small size may have contributed to its vulnerability to sophisticated cyber threats.

Details of the Attack

The Akira ransomware group claimed responsibility for the attack, which resulted in the compromise of approximately 30GB of internal corporate data. The compromised data included sensitive information such as employee and customer contacts, Social Security numbers, driver's licenses, and medical documents. The attackers have threatened to release this data unless their ransom demands are met, leveraging Akira’s double extortion model to exert pressure on Ship Services.

Profile of the Akira Ransomware Group

Emerging in March 2023, Akira has quickly established itself as a formidable ransomware-as-a-service (RaaS) entity. Known for its sophisticated encryption techniques and cross-platform capabilities, Akira targets sectors with high-stakes data, including healthcare, finance, and transportation. The group’s potential connections with the former Conti group and its use of a Rust-based Linux variant for VMware ESXi environments highlight its technical prowess and strategic approach.

Potential Vulnerabilities and Penetration Methods

Akira’s attack on Ship Services likely involved exploiting vulnerabilities in the company’s network infrastructure. Tactics commonly used by the group include spear-phishing, use of compromised VPN credentials, and exploitation of unpatched vulnerabilities in systems like Cisco ASA. These methods allow Akira to bypass security measures and gain initial access, followed by lateral movement within the network to exfiltrate sensitive data.
