Apr 19, 2024 at 03:01The FBI has uncovered a widespread cyber threat posed by the Akira ransomware group, which has targeted over 250 organizations worldwide, siphoning off approximately $42 million in ransom payments.
Investigations conducted by the FBI reveal that Akira ransomware has been active since March 2023, targeting businesses and critical infrastructure entities across North America, Europe, and Australia. Initially focusing on Windows systems, Akira has expanded its reach to include Linux variants, posing a significant threat to diverse computing environments.
Collaborating with global cybersecurity agencies, including CISA, EC3, and NCSC-NL, the FBI has issued a joint cybersecurity advisory to raise awareness about the Akira threat and provide guidance on mitigating its impact.
Akira typically gains initial access through vulnerable virtual private networks (VPNs) lacking multifactor authentication (MFA), exploiting this entry point to extract sensitive credentials and data. Upon infiltration, the ransomware encrypts system files and displays ransom notes, demanding Bitcoin payments for restoration of access.
The brand new newsletter with insights, market analysis and daily opportunities.
Let’s grow together!
Unique to Akira’s modus operandi is its strategy of withholding ransom demands until contacted by victims, complicating response efforts. To counteract Akira’s tactics, organizations are advised to bolster security measures, including the implementation of robust recovery plans, MFA protocols, and network traffic filtering.
Furthermore, the advisory recommends proactive security testing and the adoption of encryption protocols to mitigate the risk posed by Akira and similar threats. The FBI, CISA, EC3, and NCSC-NL emphasize the importance of continually evaluating and optimizing security programs to effectively combat emerging cyber threats.
This joint effort follows previous alerts issued by the FBI, CISA, NCSC, and NSA regarding malware targeting crypto wallets and exchanges. The Akira ransomware poses a grave threat not only to organizational data security but also to the integrity of cryptocurrency exchanges, highlighting the need for vigilant cybersecurity measures across all sectors.
9
