Vickers Engineering Hit by Akira Ransomware Exposing 25GB of Data
Ransomware Attack on Vickers Engineering by Akira Group
Vickers Engineering, a precision machining and automation solutions company based in New Troy, Michigan, has recently fallen victim to a ransomware attack orchestrated by the Akira group. The attack has resulted in the exfiltration of 25GB of sensitive data, including Social Security Numbers, driver licenses, and other employee information. Additionally, the compromised data encompasses numerous non-disclosure agreements, contracts, and various accounting and financial files, posing significant risks to both the company's operations and its stakeholders.
About Vickers Engineering
Established in 1970, Vickers Engineering specializes in precision machining, light assembly, and automation solutions. The company operates over 130 CNC machines and more than 50 Fanuc robots, positioning itself at the forefront of automated manufacturing. Vickers Engineering serves a diverse array of sectors, including automotive, oil and gas, and rail. As a Tier 1 and Tier 2 supplier to major automotive manufacturers such as Toyota, Honda, Volkswagen, and Subaru, the company underscores its capacity to meet the rigorous demands of high-volume production environments.
What Makes Vickers Engineering Stand Out
Vickers Engineering is known for its commitment to embracing cutting-edge technology and automation. The company has created its own automation technology through its subsidiary, Red Rabbit Automation, demonstrating an innovative approach to the industry. The workforce at Vickers Engineering consists of highly skilled professionals, including machinists, quality engineers, automation control engineers, and program managers, ensuring that the company remains competitive in an evolving manufacturing landscape.
Vulnerabilities and Attack Overview
The Akira ransomware group, which first emerged in March 2023, has been targeting small to medium-sized businesses across various sectors. The group uses double extortion tactics, stealing data from victims before encrypting their systems and demanding a ransom for both decryption and data deletion. Akira's tactics include unauthorized access to VPNs, credential theft, and lateral movement to deploy the ransomware. In the case of Vickers Engineering, the attackers exfiltrated a significant amount of sensitive data, highlighting potential vulnerabilities in the company's cybersecurity measures.
About the Akira Ransomware Group
Akira is a rapidly growing ransomware family believed to be affiliated with the now-defunct Conti ransomware gang. The group has a unique dark web leak site with a retro 1980s-style green-on-black interface that victims must navigate by typing commands. Akira's ransom demands typically range from $200,000 to over $4 million. The group has been observed using tools like RClone, FileZilla, and WinSCP for data exfiltration and has expanded its operations to target Linux-based VMware ESXi virtual machines in addition to Windows systems.
Sources
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!