Akira Ransomware Shifts Focus to Singapore; Authorities Warn Businesses and Suggest Mitigation Strategies
Summary:
Akira ransomware, notorious for stealing $42 million from global entities, is now actively threatening businesses in Singapore. A joint advisory was issued by local authorities following reports of cyberattacks. Previously, Akira had been identified by the FBI as mainly targeting businesses and critical infrastructure. Singapore's authorities discourage victimized businesses from paying ransoms, usually demanded in Bitcoin, as such payments do not guarantee data recovery. Suggestions on protection against these cyberattacks include implementation of recovery plans, multi-factor authentication, traffic filtering, system-wide encryption, and deactivating unused ports and hyperlinks. Simultaneously, it's reported that North Korean hackers are using Durian malware against South Korean crypto businesses.
Akira, the ransomware that pilfered $42 million from more than 250 enterprises across North America, Europe, and Australia within a span of 12 months, is currently setting its sights on Singapore businesses. Singapore's authorities have jointly announced a warning, educating local businesses about the increasing risk presented by a variant of Akira ransomware. This cautionary warning follows multiple reports of cyberattacks lodged at several agencies, including the Cyber Security Agency of Singapore (CSA), the Singapore Police Force (SPF), and the Personal Data Protection Commission (PDPC).
The U.S. Federal Bureau of Investigation (FBI) had previously discovered that Akira ransomware has been focusing its attacks on businesses and critical infrastructure entities. Following a successful cyberattack, Akira delivers a ransomware message to its victims, indicating a successful system compromise.
The Singaporean authorities have given guidelines on how to identify, prevent, and counteract Akira attacks. It is strongly suggested that compromised businesses refrain from ceding to the ransom demands of the attackers. Akira members typically demand payments in digital currencies like Bitcoin (BTC) to release control of the victims' computer systems and internal data. Despite this, Singapore's authorities have urged companies not to comply with the ransom demands.
The authorities emphasize that meeting the ransom demands does not guarantee the decryption of affected data or prevent potential data publication. It is also likely that the perpetrators may launch subsequent attacks expecting further ransom. Noteworthy is the fact that the FBI discovered Akira does not initiate contact with its victims, rather, it waits for them to reach out.
Several strategies have been suggested to thwart ransomware attacks which include the execution of a recovery plan, incorporation of multifactor authentication (MFA), restriction of network traffic, deactivation of dormant ports and hyperlinks, and implementation of encryption across the system.
On a related note, Kaspersky, a cybersecurity firm, recently reported that North Korean cybercriminals were launching attacks on South Korean crypto businesses using the Durian malware. "Durian" is said to have a full range of backdoor functionalities that enable command execution, additional file downloads, and file exfiltration. Furthermore, Kaspersky observed the use of LazyLoad by Andariel, a subgroup within Lazarus Group, which suggests a potential link between Kimsuky and the notorious Lazarus Group.
Published At
6/10/2024 11:12:50 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.