In a disturbing yet intriguing development, cyber criminals have once again demonstrated their capacity to target organizations with the sole aim of extracting valuable data. Historically, ransomware groups have been known to target active businesses, steal critical data, and encrypt it in an effort to extort a ransom from the company, usually with the expectation that the business head will pay to restore the stolen information. However, in a shocking twist, the infamous Akira Ransomware gang has recently exposed a surprising case on the dark web—one that has raised more questions than answers.
The gang has disclosed that it has obtained sensitive information from an Australian media company, Regency Media. What’s truly odd, however, is that the company, which had once been a key player in the industry, has been defunct since 2023.
Yes, you read that correctly: Regency Media has not been operational for over two years, and yet, its data has found its way onto the dark web. This raises an important question—why would cyber criminals go after a business that is no longer active, especially when there is no realistic chance of receiving any ransom?
Upon investigation, it appears that the criminals gained access to a trove of valuable data, which they have now leaked onto the dark web. This data dump includes non-disclosure agreements, sensitive personal information such as driver’s licenses, passport details, email addresses, and even contact information of staff and employees. Additionally, they have exposed financial records, including customer audit reports and other confidential financial data. The sheer volume of the stolen data is striking—approximately 16GB of sensitive information was obtained in the breach.
What makes this case even more puzzling is that Regency Media, the company in question, has not been operational for nearly two years. The business, once involved in the manufacturing of VCDs, cassettes, and tapes, ceased to exist as a functioning entity by July 2023. Given that the company has no operational capacity to pay a ransom, one might wonder what motivated the Akira gang to target them in the first place.
Initial investigations suggest that Regency Media may still be in possession of some older, proprietary data archives. These legacy servers, although no longer part of the company’s active infrastructure, may have been retained as archival repositories. However, it’s important to note that these servers likely have no connection to any ongoing business operations, making the breach even more unusual. Moreover, because Regency Media is no longer operational, the criminals’ chances of extorting money from the company are virtually nonexistent.
Some cybersecurity experts speculate that the breach may have occurred in 2023, around the time when Regency Media officially ceased operations. This would suggest that the hackers may have sat on the stolen data for a period of time before choosing to disclose it publicly. It’s not uncommon for sensitive or valuable data to circulate on the dark web for a while before being sold or released—often because there’s always demand for such data, even if the original business is no longer functioning.
The fact that Akira Ransomware leaked the data despite Regency Media being defunct demonstrates a crucial point: cyber criminals are primarily motivated by financial gain, and the identity or current operational status of the victimized company is irrelevant. Whether a business is active or no longer operational, the goal of these attackers remains the same—to profit from the stolen data, regardless of the collateral damage caused.
In the end, this incident serves as a stark reminder of the persistent and ever-evolving nature of cyber threats. Even companies that have long since shut their doors are not safe from data breaches, and the criminals responsible for these attacks will stop at nothing to exploit whatever sensitive information they can get their hands on.
