Simons Petroleum

On November 9, 2023, Simons Petroleum was targeted by an Akira ransomware attack, resulting in the theft of approximately 70GB of sensitive data. The compromised information included operating files, confidential corporate documents, personal details of employees (e.g., names, contact information, employment records), and non-disclosure agreements (NDAs). The attackers exfiltrated the data before encrypting the company’s systems and later published the stolen information on their dark web Tor blog, as reported by cybersecurity firm RedPacket Security. While the full extent of the operational and financial fallout remains undisclosed, the breach exposed internal employee data and proprietary business documents, posing significant risks to corporate confidentiality, legal compliance, and workforce trust. The incident underscores the growing threat of double-extortion ransomware, where attackers both encrypt systems and threaten to leak stolen data unless a ransom is paid.

Source: https://www.redpacketsecurity.com/akira-ransomware-victim-simons-petroleum-max-um-petroleum-pilot-t-homas-logistics/

TPRM report: https://www.rankiteo.com/company/simons-petroleum

"id": "sim754092125",
"linkid": "simons-petroleum",
"type": "Ransomware",
"date": "11/2023",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'petroleum/oil & gas',
                        'location': 'USA',
                        'name': 'Simons Petroleum',
                        'type': 'company'},
                       {'industry': 'petroleum/oil & gas',
                        'location': 'USA',
                        'name': 'Maxum Petroleum',
                        'type': 'company'},
                       {'industry': 'logistics/petroleum',
                        'location': 'USA',
                        'name': 'Pilot Thomas Logistics',
                        'type': 'company'}],
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'high (includes personal and '
                                        'confidential business data)',
                 'type_of_data_compromised': ['operating files',
                                              'confidential documents',
                                              'personal information '
                                              '(employees)',
                                              'NDAs']},
 'date_detected': '2023-11-09',
 'date_publicly_disclosed': '2023-11-09',
 'description': 'On November 9, 2023, Simons Petroleum, Maxum Petroleum, and '
                'Pilot Thomas Logistics in the USA fell victim to an Akira '
                'ransomware attack. The attackers claimed to have obtained '
                'about 70GB of data, including operating files, confidential '
                'documents, personal information of employees, and NDAs. The '
                'information was scraped from the Akira Onion Dark Web Tor '
                "Blog page and posted on RedPacket Security's blog. RedPacket "
                'Security clarified that they are not affiliated with the '
                'attackers and do not host any infringing content.',
 'impact': {'brand_reputation_impact': 'potential (data leak disclosed '
                                       'publicly)',
            'data_compromised': ['operating files',
                                 'confidential documents',
                                 'personal information of employees',
                                 'NDAs'],
            'identity_theft_risk': 'high (personal information of employees '
                                   'compromised)'},
 'initial_access_broker': {'data_sold_on_dark_web': True},
 'motivation': 'financial (ransom)',
 'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'Akira'},
 'references': [{'source': 'RedPacket Security Blog'},
                {'source': 'Akira Onion Dark Web Tor Blog'}],
 'threat_actor': 'Akira ransomware group',
 'title': 'Akira Ransomware Attack on Simons Petroleum, Maxum Petroleum, and '
          'Pilot Thomas Logistics',
 'type': 'ransomware'}