FBI Uncovers Akira Ransomware Group behind Over 250 Business Breaches

On Apr 19, 2024 at 12:53 pm UTC

The group began its activities in March 2023 and has since infiltrated over 250 business entities, making off with as much as $42 million in ransomware proceeds.

Akira, a less-than-a-year-old Bitcoin ransomware group, has been named as the culprit behind some recent attacks. According to an investigation by the United States Federal Bureau of Investigation (FBI), the group began its activities in March 2023 and has since infiltrated over 250 business entities, making off with as much as $42 million in ransomware proceeds. Per the reports, Akira has been targeting businesses in North America, Europe, and Australia.

FBI Issues Warning against Akira Ransomware

Initially, the ransomware was targeting Windows systems. However, the FBI recently uncovered that there’s another version that also targets Linux.

To this end, the agency, with collaborative efforts from the Cybersecurity and Infrastructure Security Agency (CISA), Europol’s European Cybercrime Center (EC3) and the Netherlands’ National Cyber Security Centre (NCSC-NL), has issued a joint cybersecurity advisory (CSA). Their aim is to warn the public of the threats that this ransomware poses.

Detailing how Akira works, the advisory says it gains initial access through pre-installed virtual private networks (VPNs) and immediately disables security software to avoid detection.

Once inside, the ransomware extracts credentials and other sensitive material before locking up the system. It then finishes off the attack by displaying a ransom note.

Notably, the persons behind the attack do not make any demands or give payment instructions immediately. They wait for their victims to reach out before relaying that information.

However, once the victims make contact, the bad actors ask to be paid in Bitcoin (BTC) for them to restore access.

Recommends Mitigation Techniques

The advisory also recommended some ways the general public can guard against these ransomware attacks. They include implementing a recovery plan, filtering network traffic, enabling multi-factor authentication (MFA), disabling unused ports and hyperlinks, and applying system-wide encryption. The statement reads:

“The FBI, CISA, EC3, and NCSC-NL recommend continually testing your security program, at scale, in a production environment to ensure optimal performance against the MITRE ATT&CK techniques identified in this advisory.”

It might be worth noting that several security agencies, including the FBI, CISA, NCSC, and the US National Security Agency (NSA), have also issued similar warnings about malware in the past. They noted how malware has become commonly used by bad actors to target crypto wallets and exchanges.
