FBI Uncovers Akira Ransomware Group behind Over 250 Business Breaches

The group began its activities in March 2023 and has since infiltrated over 250 business entities, making away with as much as $42 million in ransomware proceeds.

By Mayowa Adebajo. Edited by Julia Sakovich.

Akira, a less-than-a-year-old Bitcoin ransomware group, has been named as the culprit behind some recent attacks. According to an investigation by the United States Federal Bureau of Investigation (FBI), the group began its activities in March 2023 and has since infiltrated over 250 business entities, making away with as much as $42 million in ransomware proceeds. Per the reports, Akira has been targeting businesses in North America, Europe, and Australia.

FBI Issues Warning against Akira Ransomware

Initially, the ransomware was targeting Windows systems. However, the FBI recently uncovered that there’s another version that also targets Linux.

To this end, the agency, with collaborative efforts from the Cybersecurity and Infrastructure Security Agency (CISA), Europol’s European Cybercrime Center (EC3) and the Netherlands’ National Cyber Security Centre (NCSC-NL), has issued a joint cybersecurity advisory (CSA). Their aim is to warn the public of the threats that this ransomware poses.

Detailing how Akira works, the advisory says it gains initial entry through pre-installed virtual private networks (VPNs) and immediately disables security software to avoid detection.

Once entry is achieved, the ransomware then begins to extract credentials and other sensitive material from the system before locking up the system. It then finishes off the attack by displaying a ransom note.

Notably, the persons behind the attack do not make any demands or give payment instructions immediately. They wait for their victims to reach out before relaying that information.

However, once the victims make contact, the bad actors ask to be paid in Bitcoin (BTC) for them to restore access.

Recommends Mitigation Techniques

The advisory also recommended some ways by which the general public can stay ahead of these ransomware attacks. They include implementing a recovery plan, filtering network traffic, multi-factor authentication (MFA), disabling unused ports and hyperlinks, and system-wide encryption. The statement reads:

“The FBI, CISA, EC3, and NCSC-NL recommend continually testing your security program, at scale, in a production environment to ensure optimal performance against the MITRE ATT&CK techniques identified in this advisory.”

It might be worth noting that several security agencies, including the FBI, CISA, NCSC, and the US National Security Agency (NSA), have also issued such warning alerts about malware in the past. They noted how malware has become commonly used by bad actors to target crypto wallets and exchanges.
