Ransomware Attack on Volo Internet Tech by Akira Group

Volo Internet Tech, a locally owned internet service provider based in Central Illinois, has become the latest victim of a ransomware attack orchestrated by the notorious Akira group. The attack, which occurred on November 21, resulted in the leak of 49GB of sensitive internal data, including Social Security Numbers, Non-Disclosure Agreements, passports, and driver's licenses.

Company Profile and Industry Standing

Established in 2002, Volo Internet Tech has been a key player in expanding fiber internet networks in Central Illinois, particularly in areas such as Champaign-Urbana, Mahomet, and Thomasboro. The company offers high-speed fiber optic and wireless broadband services, along with comprehensive IT solutions for both residential and business clients. Despite its small size, employing between 1 to 10 individuals, Volo is known for its commitment to local service and customer satisfaction, providing tailored solutions at competitive prices.

Akira Ransomware Group

Emerging in March 2023, Akira operates as a Ransomware-as-a-Service (RaaS) entity, employing a double extortion model. The group is distinguished by its sophisticated encryption techniques and potential ties to the former Conti group.

Penetration and Impact

Akira's penetration into Volo's systems likely involved exploiting vulnerabilities in network security, possibly through compromised VPN credentials or unpatched software.

Sources

• Halcyon AI - Akira Develops Rust-Based Ransomware
• Volo Internet Tech - Official Website
• CISA - Cybersecurity Advisories
• LinkedIn - Volo Internet Tech
• Halcyon AI - Akira Ransomware Analysis