The Akira ransomware group listed the McGregor company on its victim list. The McGregor cyber attack was conducted early in the first week of May and claimed to have 362GB of company data.
McGregor cyber attack and the sector under attack
The McGregor company supplies growers in Washington, Idaho and Oregon with seed, crop inputs, and other researched data. The company was among the several other small and medium-sized businesses targeted.
The McGregor attack is not linked with Irish professional mixed martial artist Conor McGregor.
The new group Akira ransomware was launched in March 2023, and they quickly listed US schools, manufacturing, and financial organizations on its victim list.
Another ransomware called Akira, which was in the news in 2017, was not found to be related to the present Akira ransomware.
The Cyber Express reached out to the company post the alleged McGregor cyber attack but has not received any response so far.
Among the recently claimed attacks by Akira include the Bluefield security incident, the BridgeValley Community and Technical College attack, and the Mitchell Partnership Inc., cyberattack.
The group allegedly hacked Garcia Hamilton & Associates in May which is an asset management firm and New World Travel, Inc. which is a travel service-providing company.
The McGregor cyber attack and the removal of the Akira ransomware
Researchers notified that using the right software tools, virus scanners, and anti-virus programs can help remove the Akira ransomware from targeted systems.
The dangerous Akira ransomware was found to be unusual in its attack. Akira infiltrates the systems to scan a list of specified files.
After running the ransomware-removing tools, the developers may be able to see connect IP addresses as shown below:
First Akira deletes Windows Shadow Volume Copies. It then encrypts copies of the found files individually which can be archives, images, documents, media files, etc.
The ransomware then removes the targeted files found on the device. The ransomware file skips the checking of the recycle bin and System Volume Information.
The Akira ransomware also does not encrypt Windows system files with the following extensions:
- .exe
- .lnk
- .dll
- .sys
- .msi
It closes services that may have open files that may be preventing the encryption of files. Each folder is left with a ransom note. It moves laterally across devices and looks for Windows domain admin credentials to launch the ransomware attack.
The group has been found to make a ransom demand starting at nearly $200,000 and steal data files between 5 to 259 GB. They were found to reduce the ransom amount if the target was not in need of a decryptor.
