HomeSecurity ArchitectureAkira ransomware gang claims theft of passport scans from Lush in 110...

Akira ransomware gang claims theft of passport scans from Lush in 110 GB data heist • The Register

Published on

spot_img

The recent cybersecurity incident at a British bath bomb merchant has been claimed by the Akira ransomware gang, with the hackers boasting that they have obtained 110 GB of data from the global cosmetics giant. Among the stolen data are reportedly personal documents such as passport scans, in addition to company-related files on accounting, finances, tax, projects, and clients. While there is no evidence to suggest that customer data has been exposed, the threat of data publication looms as the cybercriminals threaten to make the data public soon.

It appears that Akira’s modus operandi involves categorizing victims into groups based on whether they paid the ransom, with those who didn’t pay having their data published and those who did facing uncertain dates for data publication. This seems to suggest that negotiations may have taken place, but have possibly stalled, prompting Akira to use the threat of data publication as leverage to push the talks forward.

In response to the incident, Lush, the affected company, communicated that it is working with outside forensic experts to investigate the issue, indicating that the situation bears the hallmarks of a ransomware attack. The company also stated that it has taken immediate steps to secure and screen all systems, underscoring its commitment to containing the incident and minimizing its impact on operations.

The incident first came to light in a post made on the unofficial Lush Reddit community, where a user claimed that staff members were instructed to send their laptops to head office for “cleaning”, a detail that has been verified to be true. This aligns with Akira’s known practice of engaging in extortion without an encryption component, which could explain the absence of visible external disruption to Lush’s operations.

Akira’s emergence in early 2023 has been marked by an increasing number of victims, with an apparent preference for targeting vulnerable Cisco VPN products and remote access tools without multifactor authentication deployed. The group primarily targets organizations in the UK, Australia, and North America, and is known for demanding exorbitant ransom payments in the nine-figure range.

Experts have pointed out the group’s relationship with Conti, which has led to its classification as one of the spin-off gangs following the downfall of Conti in 2022. Notably, Akira is believed to be responsible for the recent attack on Finnish IT service provider Tietoevry, affecting online services at Swedish government departments and universities.

Tietoevry has stated that the attack was limited to one of its Swedish data centers, and while the incident has been contained, the company remains uncertain about the timeline for full recovery. This underscores the far-reaching impact of ransomware attacks orchestrated by groups such as Akira, which continue to pose a significant threat to organizations and institutions worldwide.

Source link

Latest articles

Cyber Threat Assessment from securityboulevard.com

systems from cyber threats. By actively engaging in cyber threat assessments and implementing the...

Trillions at Stake as Global Threats Soar, ANZ’s Security Chief Warns

In the face of the escalating global threat posed by cybercrime, industry experts like...

African Infrastructure Cyberattacks and AI-Powered Threats Increase

In 2023, a noticeable decrease in cyber threats was observed in most major economies...

We belong: Q&A with Miriam Saffer – Creative, pragmatic, and resilient.

MIriam Saffer: about being judged or not believed. If an employee trusts you enough...

More like this

Cyber Threat Assessment from securityboulevard.com

systems from cyber threats. By actively engaging in cyber threat assessments and implementing the...

Trillions at Stake as Global Threats Soar, ANZ’s Security Chief Warns

In the face of the escalating global threat posed by cybercrime, industry experts like...

African Infrastructure Cyberattacks and AI-Powered Threats Increase

In 2023, a noticeable decrease in cyber threats was observed in most major economies...
en_USEnglish