The Akira ransomware group claims on its dark web leak site to have compromised data from Panasonic Australia. Shortly after that announcement, Singapore authorities issued an advisory advising affected companies to not heed the ransomware group's demands, in response to local law firm Shook Lin & Bok confirming that it had been struck by the group. Panasonic Australia is a regional subsidiary of Panasonic Holdings Corporation headquartered in Japan. It manufactures electronic equipment and devices such as cameras, home equipment, sound equipment, personal care devices, power tools, and air conditioning. The Akira ransomware group has previously targeted several high-profile organizations while netting millions in ransom payments from affected victims.

Akira Ransomware Group Attack on Panasonic Australia

The ransomware group alleged that it had exfiltrated sensitive project information and business agreements from the electronics manufacturer Panasonic Australia. No sample documents were posted to verify the authenticity of the breach claims. The potential impact of the breach on Panasonic Australia is unknown but could present a serious liability for the confidentiality of the company's stolen documents.

Cyber Security Agency of Singapore Issues Advisory

Singapore's Cyber Security Agency (CSA) along with the country's Personal Data Protection Commission (PDPC) issued an advisory to organizations instructing them to report Akira ransomware attacks to respective authorities rather than paying ransom demands. The advisory was released shortly after an Akira ransomware group attack on the Shook Lin & Bok law firm. While the firm still continued to operate as normal, it had reportedly paid a ransom of US$1.4 million in Bitcoin to the group. The Akira ransomware group had demanded a ransom of US$2 million from the law firm earlier, which was then negotiated down after a week, according to the SuspectFile article. The Cyber Security Agency of Singapore (CSA) stated that it was aware of the incident and offered assistance to the law firm. However, it cautioned against similar payments from other affected victims. "Paying the ransom does not guarantee that the data will be decrypted or that threat actors will not publish your data," the agency stated. "Furthermore, threat actors may see your organisation as a soft target and strike again in the future. This may also encourage them to continue their criminal activities and target more victims." The Singaporean authorities offered a number of recommendations to organizations:

• Enforce strong password policies with at least 12 characters, using a mix of upper and lower case letters, numbers, and special characters.
• Implement multi-factor authentication for all internet-facing services, such as VPNs and critical system accounts.
• Use reputable antivirus or anti-malware software to detect ransomware through real-time monitoring of system processes, network traffic, and file activity. Configure the software to block suspicious files, prevent unauthorized remote connections, and restrict access to sensitive files.
• Periodically scan systems and networks for vulnerabilities and apply the latest security patches promptly, especially for critical functions.
• Migrate from unsupported applications to newer alternatives.
• Segregate networks to control traffic flow between sub-networks to limit ransomware spread. Monitor logs for suspicious activities and carry out remediation measures as needed.
• Conduct routine backups following the 3-2-1 rule: keep three copies of backups, store them in two different media formats, and store one set off-site.
• Conduct incident response exercises and develop business continuity plans to improve readiness for ransomware attacks.
• Retain only essential data and minimize the collection of personal data to reduce the impact of data breaches.

"Organisations should periodically scan their systems and networks for vulnerabilities and regularly update all operating systems, applications, and software by applying the latest security patches promptly, especially for functions critical to the business," the police, CSA and PDPC said in a joint statement. The criminal group had previously also come under the attention of various other governments and security agencies, with the FBI and CISA releasing a joint cybersecurity advisory as part of the #StopRansomware effort. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The Akira ransomware group allegedly targeted E-T-A Elektrotechnische Apparate GmbH, an organization located in Germany. The ransomware group claims to have stolen 24 gigabytes of sensitive material, including customer information, non-disclosure agreements (NDAs), financial records, and employee personal information. To substantiate these claims, the threat actor has attached a screenshot with all this information. E-T-A Elektrotechnische Apparate GmbH operates six production facilities and has a presence in 60 countries worldwide. The company’s product range includes a variety of electrical protection solutions essential to numerous industries. The company is renowned for manufacturing circuit breakers, electronic circuit protectors, and various other electronic components. Despite the ransomware group's claims, the company's official website appeared to be fully functional, and there were no signs of foul play. Further to verify Akira's cyberattack on E-T-A claims, The Cyber Express Team reached out to E-T-A Elektrotechnische Apparate GmbH for an official statement. As of the time of writing, no response has been received from the company. This leaves the ransomware claims unverified, with no confirmation or denial from E-T-A's officials.

Akira Ransomware: Previous Track Record

The Akira ransomware gang has arisen as a danger to small and medium-sized organizations (SMBs), mostly in Europe, North America, and Australia. The group uses advanced tactics to infiltrate systems, frequently acquiring illegal access to a company's virtual private networks (VPNs). Sophos X-Ops research shows that Akira often uses compromised login credentials or exploits weaknesses in VPN technologies such as Cisco ASA SSL VPN or Cisco AnyConnect. Recently, in May 2024, Akira targeted Western Dovetail, a well-known woodworking shop. In April 2024, Akira was identified as the gang responsible for a series of cyberattacks against businesses and key infrastructure in North America, Europe, and Australia. According to the US Federal Bureau of Investigation (FBI), Akira has hacked over 250 firms since March 2023, collecting roughly $42 million in ransom payments. Initially, Akira's attacks targeted Windows systems. However, the gang has since broadened its tactics to include Linux computers, causing anxiety among international cybersecurity agencies. These cyberattacks show Akira's strategy of targeting a wide range of industries and businesses of all sizes, frequently resulting in major operational interruptions and financial losses. As it stands, the Akira ransomware group's claims against E-T-A Cyberattack are unsubstantiated. The lack of an official response from the company creates a vacuum in the confirmation of these claims. While the company's website is still operational, signaling no immediate disruption, a data breach might have serious consequences, compromising client confidentiality, financial integrity, and employee privacy. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.