CyberSecurity SEE

Akira ransomware group claims theft of scanned passports from Lush in 110 GB data heist • The Register

The recent cybersecurity incident at the British bath bomb retailer has been claimed by the Akira ransomware gang, with the hackers boasting that they obtained 110 GB of data from the global cosmetics giant. Among the stolen data are reportedly personal documents such as scanned passports, along with company files relating to accounting, finance, taxes, projects and clients. Although there is no evidence to suggest that customer data was exposed, there is a risk of the data being published, as the cybercriminals are threatening to release it soon.

It appears that Akira’s modus operandi involves categorizing victims into groups based on whether they paid the ransom, with those who didn’t pay having their data published and those who did facing uncertain dates for data publication. This seems to suggest that negotiations may have taken place, but have possibly stalled, prompting Akira to use the threat of data publication as leverage to push the talks forward.

In response to the incident, Lush, the affected company, stated that it is working with external forensic experts to investigate the problem, which indicates that the situation bears the hallmarks of a ransomware attack. The company also stated that it has taken immediate steps to secure and protect all systems, emphasising its commitment to containing the incident and minimising its impact on operations.

The incident first came to light in a post made on the unofficial Lush Reddit community, where a user claimed that staff members were instructed to send their laptops to head office for “cleaning”, a detail that has been verified to be true. This aligns with Akira’s known practice of engaging in extortion without an encryption component, which could explain the absence of visible external disruption to Lush’s operations.

Akira’s emergence in early 2023 has been marked by an increasing number of victims, with an apparent preference for targeting vulnerable Cisco VPN products and remote access tools without multifactor authentication deployed. The group primarily targets organizations in the UK, Australia, and North America, and is known for demanding exorbitant ransom payments in the nine-figure range.

Experts have pointed out the group’s relationship with Conti, which has led to its classification as one of the spin-off gangs following the downfall of Conti in 2022. Notably, Akira is believed to be responsible for the recent attack on Finnish IT service provider Tietoevry, affecting online services at Swedish government departments and universities.

Tietoevry stated that the attack was limited to one of its Swedish data centres and, although the incident has been contained, the company remains uncertain about the time frame for full recovery. This highlights the far-reaching impact of ransomware attacks orchestrated by groups such as Akira, which continue to pose a significant threat to organisations and institutions around the world.

Link to source
