A notorious ransomware group known as Akira has successfully infiltrated over 250 organizations, amassing a staggering $42 million in ransom payments, according to leading global cybersecurity agencies.
The United States Federal Bureau of Investigation (FBI) recently investigated Akira’s activities and found that the group has been targeting businesses and critical infrastructure entities across North America, Europe, and Australia since March 2023. The group initially focused on Windows systems, and the FBI has now identified a Linux variant of Akira’s ransomware.
In response to this widespread threat, the FBI, in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA), Europol’s European Cybercrime Centre (EC3), and the Netherlands’ National Cyber Security Centre (NCSC-NL), has released a joint cybersecurity advisory to raise awareness about the Akira ransomware.
According to the advisory, Akira gains initial access to systems by exploiting virtual private networks (VPNs) that lack multifactor authentication (MFA). Once inside, the ransomware extracts sensitive information and credentials before encrypting the system and displaying a ransom note. The victims are then coerced into paying the ransom in Bitcoin (BTC) in order to regain access to their data. To avoid detection, Akira often disables security software after gaining initial access.
To mitigate the risks posed by Akira and other ransomware attacks, the advisory recommends several best practices. These include implementing a recovery plan and MFA, filtering network traffic, disabling unused ports and hyperlinks, and implementing system-wide encryption. The agencies also emphasize the importance of continually testing security programs to ensure optimal performance against the identified attack techniques.
In a related development, the FBI, CISA, NCSC-NL, and the U.S. National Security Agency (NSA) have previously issued alerts regarding malware targeting cryptocurrency wallets and exchanges. The malware in question has been found to extract data from directories within applications such as Binance, Coinbase, and Trust Wallet, regardless of file type.
In conclusion, the threat posed by the Akira ransomware is significant, with numerous organizations falling victim and substantial ransom payments being made. It is crucial for businesses and infrastructure entities to implement robust security measures, follow recommended practices, and remain vigilant to protect against this growing menace.