The Akira ransomware group has had a devastating impact across North America, Europe, and Australia, compromising more than 250 organizations and collecting approximately $42 million in ransom payments between March 2023 and January 1, 2024.
This data, part of a joint Cybersecurity Advisory (CSA) released by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), Europol's European Cybercrime Centre (EC3), and the Netherlands' National Cyber Security Centre (NCSC-NL), highlights the ongoing threat posed by this sophisticated cybercrime operation.
Akira profile
Akira initially targeted Windows systems, but in April 2023 its operators began deploying a Linux variant against VMware ESXi virtual machines. The shift marks a significant escalation in their capabilities: a single compromised hypervisor lets the attackers encrypt every guest VM it hosts, so one foothold can take down a much wider range of systems and infrastructure.
The FBI and its international partners have tracked these activities through FBI investigations and reporting from trusted third parties. Encrypted files are given an ".akira" or ".powerranges" extension (the latter is used by the Megazord variant). Akira uses a hybrid encryption scheme: each file is encrypted with the fast ChaCha20 stream cipher, and the per-file ChaCha20 key is then encrypted with the operators' RSA public key. Only the matching RSA private key, which never leaves the attackers' hands, can recover the file keys, which is why victims cannot decrypt their data on their own.
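The following is an added illustration of the hybrid ChaCha20 + RSA construction described above, written for this article; it is not Akira's code and makes no claim about the malware's internals (key sizes, padding mode, nonce handling and the ChaCha20-Poly1305 AEAD variant are assumptions). It uses the Python cryptography library and operates only on constructed in-memory byte strings. It shows the three properties a defender should understand: every file gets its own random key, identical files produce different ciphertexts, and without the operators' RSA private key the wrapped file key cannot be recovered.

```python
"""Hybrid ChaCha20 + RSA encryption of the kind the Akira advisory describes.

Added illustration, not Akira's code. Bulk data is encrypted with a fresh
ChaCha20 key per file; only that key is encrypted ("wrapped") with the
operators' RSA public key. The private key never touches the victim network,
so the ciphertext cannot be recovered without it. Key sizes, OAEP padding and
the Poly1305 AEAD variant are assumptions made for this example.
"""
import os

from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305

# OAEP is the RSA padding a practitioner should use for key wrapping (assumed here).
_OAEP = padding.OAEP(
    mgf=padding.MGF1(algorithm=hashes.SHA256()),
    algorithm=hashes.SHA256(),
    label=None,
)


def encrypt_blob(public_key: rsa.RSAPublicKey, plaintext: bytes) -> dict:
    """Encrypt one file's bytes.

    Returns everything needed for decryption *except* the RSA private key:
    the wrapped ChaCha20 key, the nonce and the ciphertext.
    """
    file_key = ChaCha20Poly1305.generate_key()  # 32 random bytes, unique per file
    nonce = os.urandom(12)                      # 96-bit nonce, never reused with a key
    ciphertext = ChaCha20Poly1305(file_key).encrypt(nonce, plaintext, None)
    wrapped_key = public_key.encrypt(file_key, _OAEP)  # only the private key can unwrap
    return {"wrapped_key": wrapped_key, "nonce": nonce, "ciphertext": ciphertext}


def decrypt_blob(private_key: rsa.RSAPrivateKey, blob: dict) -> bytes:
    """Unwrap the file key with the RSA private key, then decrypt the file."""
    file_key = private_key.decrypt(blob["wrapped_key"], _OAEP)
    return ChaCha20Poly1305(file_key).decrypt(blob["nonce"], blob["ciphertext"], None)


def demo() -> dict:
    """Round trip, then show why the operators' private key is the only way back."""
    operator_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    public_key = operator_key.public_key()

    # Constructed sample "file" contents; nothing here is real victim data.
    doc_a = b"Q3 payroll export (constructed sample)"
    doc_b = b"Q3 payroll export (constructed sample)"  # identical content on purpose

    blob_a = encrypt_blob(public_key, doc_a)
    blob_b = encrypt_blob(public_key, doc_b)

    # A recovery attempt with any other RSA key pair fails at the unwrap step:
    # OAEP decryption with the wrong private key raises ValueError.
    stranger = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    try:
        decrypt_blob(stranger, blob_a)
        wrong_key_fails = False
    except ValueError:
        wrong_key_fails = True

    return {
        "roundtrip_ok": decrypt_blob(operator_key, blob_a) == doc_a,
        "per_file_keys_differ": blob_a["wrapped_key"] != blob_b["wrapped_key"],
        "ciphertexts_differ": blob_a["ciphertext"] != blob_b["ciphertext"],
        "wrong_key_fails": wrong_key_fails,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The practical consequence for defenders is that no amount of analysis of the encrypted files yields the file keys; recovery depends on backups that the attackers could not reach or on the operators' private key.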
Cybersecurity measures
In response to the rising threat, cybersecurity officials have provided detailed mitigation strategies to help organizations protect against such ransomware attacks. These include prioritizing the remediation of known exploited vulnerabilities, enabling multi-factor authentication, and regularly updating software and applications.
Victims of Akira ransomware are subjected to a double-extortion tactic: data is exfiltrated first and the systems are encrypted afterwards. The threat actors do not leave a ransom demand or payment instructions on the compromised network; they relay that information only after the victim contacts them, and demand payment in Bitcoin to a wallet address they provide. To apply further pressure, the group threatens to publish the stolen data on a Tor (.onion) leak site and has in some cases phoned the victim companies directly.
To combat the threat of Akira ransomware, the FBI, CISA, EC3, and NCSC-NL strongly advise implementing robust cybersecurity practices, including:
- Enabling multi-factor authentication (MFA) across all critical systems, and above all on remote-access services such as VPNs, since Akira has repeatedly gained initial access through VPN services where MFA was not configured.
- Keeping systems and software up-to-date to protect against known vulnerabilities.
- Implementing strict access controls and segmenting networks to limit the spread of ransomware.
- Maintaining regular, offline and isolated backups of all critical data to ensure recovery in the event of an attack. Windows volume shadow copies do not count: Akira's encryptor deletes them before encrypting, so backups must live where a compromised administrator account cannot reach them.
Furthermore, organizations are encouraged to report ransomware incidents to the appropriate authorities, which helps build a more comprehensive picture of the threat, and to avoid paying the ransom: payment does not guarantee data recovery and may fund further criminal activity.
In summary, the Akira ransomware continues to pose a significant threat to global security, demanding vigilance and proactive cybersecurity measures from organizations worldwide to protect their assets and sensitive information.