• Home
  • News
  • Akira Attacks US-Based Corpo

Akira Attacks US-Based Corpo

Miklos Zoltan

By Miklos Zoltan . 23 February 2024

Founder - Privacy Affairs

Alex Popa

Fact-Checked this

Akira ransomware attacked and infiltrated a US-based private company, Quik Pawn Shop, recently. The victim has been founded in 1978 and has a well-established reputation in the industry.

  • According to Akira’s initial post, the attack allowed the hackers to extract a little over 140 GB of data
  • Some of the data that Akira operators managed to steal include addresses, client info, financial sheets, transaction information, etc.
  • Quick Pawn didn’t comment on the event, and it’s unclear if they’ve managed to repel the attackers and decrypt their systems
  • Akira is a specialized ransomware group that prioritizes US-based targets, although they have been known to hit across the ocean as well

The ransomware actor is currently among the most well-known ones in the industry, and the recent attack is yet another high-value target on Akira’s list. The group also exhibits tough negotiation tactics, which is what makes it so feared in the market.

Interestingly, though, Akira doesn’t always use the double-extortion method. Instead, it relies on simple extortion tactics, without encrypting the victim’s system or employing any ransomware software. The group prefers to go in, steal the data, and leave with the loot.

X showing the Akira attack on the Quik Pawn Shop
https://twitter.com/FalconFeedsio/status/1760898737399099563

One could assume that the lack of encryption makes Akira less dangerous than other ransomware actors, but that’s not entirely true. If negotiations fail, Akira will publish the stolen data publicly or sell it if it’s too valuable.

It’s not unusual for ransomware groups, Akira included, to share the stolen information with other ransomware organizations. These will then extort the victims, too, potentially causing even more significant financial losses.

Akira’s Hacker Profile

Akira doesn’t use the standard spray-and-pray technique that most ransomware actors tend to rely on. While this method is useful for hitting multiple targets in a short time span, it’s not as effective as targeted operations, which is what Akira prefers.

In short, the cybercriminal group stalks its targets several days or weeks before striking. The goal is to collect information about the victim’s defense’s revenue and establish whether the operation is worth it or if it’s even feasible.

Several other ransomware and DDoS organizations display such a level of discipline, including NoName and Lockbit. Most importantly, Akira appears to hit indiscriminately rather than only sticking to one industry.

It appears that the group is strictly interested in financial gains, so it prefers high-value targets, no matter the industry they belong to. That being said, many of Akira’s victims operate in the service and goods and manufacturing industries.

The rest of them are spread across several industries, such as legal services, construction, healthcare, financial services, etc. While Akira doesn’t typically go for targets in the legal and critical infrastructure sectors, nobody is really safe.

Akira always follows the money and these sectors typically contain a lot of high-value targets. It’s also important to note that Akira often uses affiliates to conduct its operations. This allows it to hit multiple targets at once and keep the anonymity of its operators.

While Akira isn’t as active and proficient as other ransomware groups, it is one of the most dangerous in the industry either way.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Leave a Comment