In June 2024, a Latin American airline fell victim to a targeted cyber attack orchestrated using the Akira ransomware. Attackers gained initial access through SSH exploitation of a vulnerability in Veeam Backup & Replication, identified as CVE-2023-27532. Within a brief span of 133 minutes, the attackers escalated their privileges, exfiltrated sensitive documents, images, and spreadsheets containing confidential data, and laid the groundwork for ransomware deployment. The attack disrupted the airline's operations and led to the encryption of their systems with ransomware, resulting in the potential loss of crucial data and substantial operational disruption.
"id": "alt000071624",
"linkid": "alta---latin-american-&-caribbean-air-transport-association",
"type": "Ransomware",
"date": "7/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"