
Akira Ransomware Siphons $42M from 250+ Companies

source link: https://cryptomode.com/news/akira-ransomware-42m-from-250-companies/


The FBI and other agencies provided insights on Akira ransomware, which infiltrated systems via vulnerable VPNs that lack multifactor authentication.


Akira, a newly formed ransomware gang, has been wreaking havoc, infiltrating over 250 organizations and generating $42 million in ransom payments.

Following extensive investigations, the United States Federal Bureau of Investigation (FBI) discovered that the Akira ransomware had targeted businesses and critical infrastructure in Australia, Europe, and North America since March 2023. Initially, it focused on Windows systems, but the FBI's findings highlight the emergence of a Linux version of Akira.

Ransomware Threat Advisory

The FBI, in collaboration with Europol’s European Cybercrime Centre (EC3), Cybersecurity and Infrastructure Security Agency (CISA), and the Netherlands’ National Cyber Security Centre (NCSC-NL), issued a critical cybersecurity advisory to raise awareness about potential threats.

The advisory gives insight into the operation of Akira, a ransomware that infiltrates systems via vulnerable virtual private networks (VPNs) that lack multifactor authentication (MFA). Once inside, Akira steals credentials and sensitive information before locking down the system and demanding a ransom.

Victims must pay the demanded ransom in Bitcoin (BTC) before they can regain access to their compromised systems. Notably, Akira frequently turns off security protocols after infiltration to avoid detection, which makes this malicious software harder to combat.

Mitigating Akira’s Threat

Accordingly, the advisory recommends implementing a robust recovery plan, multifactor authentication (MFA), proactive network traffic filtering, deactivating unused ports, and adopting system-wide encryption protocols. The collaborative efforts of the FBI, CISA, EC3, and NCSC-NL underscore the importance of continuously testing security protocols in real-world scenarios to effectively counter the attack techniques highlighted in the advisory.


Cybersecurity Best Practice against Ransomware. | Source: cisa.gov

Previously, the FBI, CISA, NCSC, and the US National Security Agency (NSA) issued alerts about malware targeting cryptocurrency wallets and exchanges. The report highlights data extraction from directories associated with applications like Binance, Coinbase, and Trust Wallet. Notably, the malware exfiltrates all files in the listed directories, irrespective of the file type.
