Akira Ransomware Siphons $42M from 250+ Companies
source link: https://cryptomode.com/news/akira-ransomware-42m-from-250-companies/
The FBI and other agencies provided insights on Akira ransomware that infiltrated systems via vulnerable VPNs that lack multifactor authentication.
Akira, a newly formed ransomware gang, has been wreaking havoc, infiltrating over 250 organizations and generating $42 million in ransom payments.
Following extensive investigations, the United States Federal Bureau of Investigation (FBI) found that the Akira ransomware has targeted businesses and critical infrastructure in Australia, Europe, and North America since March 2023. Akira initially focused on Windows systems, but the FBI's disclosure highlights the emergence of a Linux version.
Ransomware Threat Advisory
The FBI, in collaboration with Europol’s European Cybercrime Centre (EC3), Cybersecurity and Infrastructure Security Agency (CISA), and the Netherlands’ National Cyber Security Centre (NCSC-NL), issued a critical cybersecurity advisory to raise awareness about potential threats.
The advisory gives insight into the operation of Akira, a ransomware that infiltrates systems via vulnerable virtual private networks (VPNs) that lack multifactor authentication (MFA). Once inside, Akira steals credentials and sensitive information before locking down the system and demanding a ransom.
Victims must pay the demanded ransom in Bitcoin (BTC) before they can regain access to their compromised systems. Notably, Akira frequently turns off security protocols after infiltration to avoid detection, which makes the malware harder to combat.
Mitigating Akira’s Threat
Accordingly, the advisory recommends implementing a robust recovery plan, enabling multifactor authentication (MFA), proactively filtering network traffic, deactivating unused ports, and adopting system-wide encryption protocols. The collaborative efforts of the FBI, CISA, EC3, and NCSC-NL underscore the importance of continuously testing security protocols in real-world scenarios to effectively counter the attack techniques highlighted in the advisory.
Cybersecurity Best Practice against Ransomware. | Source: cisa.gov
Previously, the FBI, CISA, NCSC, and the US National Security Agency (NSA) issued alerts about malware targeting cryptocurrency wallets and exchanges. The report highlights data extraction from directories associated with applications like Binance, Coinbase, and Trust Wallet. Notably, the malware exfiltrates all files in the listed directories, irrespective of the file type.
Disclaimer
This article is provided for information only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.