Akira Ransomware Group Extracts $42 Million: Global Agencies Issue Cybersecurity Advisories
Summary:
Akira, a one-year-old ransomware group, has reportedly breached over 250 organizations and garnered approximately $42 million in ransom money globally. Investigations by the FBI reveal that the ransomware group has been targeting businesses across North America, Europe, and Australia since March 2023. The group has used pre-installed VPNs lacking multifactor authentication to gain access to sensitive data. It then demands Bitcoin payments from victims to restore access to the infected systems. Several international cybersecurity agencies have issued advisories, suggesting best practices such as system-wide encryption and continuous security testing to mitigate potential threats.
Akira, a ransomware syndicate that's just one year old, has violated the security systems of over 250 establishments and made off with around $42 million in ransom money. This concerning activity has sparked worldwide alarms from renowned cybersecurity organizations. The Federal Bureau of Investigation (FBI) in the U.S. has discovered that since March 2023, Akira has aimed its ransomware attacks at commercial and vital infrastructure bodies in North America, Europe, and Australia. Initially, the group had only Windows operating systems on its radar, but investigators have recently discovered a Linux version of Akira.
A joint cybersecurity advisory (CSA) was issued by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the European Cybercrime Centre (EC3) of Europol and the National Cyber Security Centre of the Netherlands (NCSC-NL) to alert the public about the danger. According to the CSA, Akira infects systems via pre-installed virtual private networks (VPNs) that don't use multifactor authentication (MFA). After breaking in, the ransomware gathers sensitive information and credentials, locks the system down, and then delivers a ransom notice.
Akira's modus operandi differs in that they don't ask for a ransom or provide payment instructions immediately. They only do this when the victimized organization gets in contact with them. The victims are then forced to pay Bitcoin (BTC) to regain control of their systems. This type of malware typically records an initial access and then turns off security programs to avoid detection.
The respective agencies are advising protective measures such as multifactor authentication, a prepared recovery plan, encryption across the board, the disabling of unused ports and hyperlinks, and network traffic filtration. They emphasize that continuous testing of security systems in real-life situations is essential to ensure optimal resistance to the Akira ransomware.
Previously, the FBI, CISA, NCSC, and National Security Agency (NSA) sounded an alert regarding malware targeting digital wallets and cryptocurrency exchanges, including the Binance and Coinbase trading apps and the Trust Wallet. The warnings stated that no file, regardless of its nature, was safe from the malware's reach within these aforementioned directories.
Published At
4/19/2024 10:20:30 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.