Akira’s Reign of Terror: Ransomware Gang Targets 250+ Organizations, Earns $42 Million

1 week ago 7

The Akira ransomware gang has emerged as a significant threat to businesses and critical infrastructure entities across North America, Europe, and Australia, according to a recent joint cybersecurity advisory issued by the United States Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Europol’s European Cybercrime Centre (EC3), and the Netherlands’ National Cyber Security Centre (NCSC-NL).

TLDR

  • The Akira ransomware gang has attacked over 250 organizations since March 2023, earning approximately $42 million in ransoms.
  • Akira initially targeted Windows systems but has recently deployed a Linux variant targeting VMware ESXi virtual machines, which are widely used by large businesses and organizations.
  • The gang exploits known Cisco vulnerabilities and uses spearphishing campaigns to breach organizations, disabling security software to avoid detection while moving laterally within the network.
  • Akira demands ransom payments in Bitcoin and threatens to publish exfiltrated data on the Tor network if the victim does not comply.
  • The FBI, CISA, EC3, and NCSC-NL have released a joint cybersecurity advisory to raise awareness about the threat and provide mitigation techniques, such as implementing a recovery plan, MFA, filtering network traffic, and system-wide encryption.

Since its emergence in March 2023, the Akira ransomware gang has conducted a staggering 250 attacks, amassing approximately $42 million in ransom payments from its victims.

The gang’s rapid success and substantial earnings have led experts to believe that Akira is composed of experienced ransomware actors who have quickly adapted their tactics to maximize their impact and profits.

Initially focusing on Windows systems, Akira has recently expanded its operations by deploying a Linux variant that specifically targets VMware ESXi virtual machines.

This development is particularly concerning, as these virtual machines are widely used by large businesses and organizations, making them prime targets for the ransomware gang.

To breach their victims’ networks, Akira exploits known Cisco vulnerabilities, such as CVE-2020-3259 and CVE-2023-20269, targeting virtual private network (VPN) services that lack multifactor authentication (MFA).

The gang employs spearphishing campaigns and other tools to gain initial access to their targets’ systems. Once inside, Akira typically disables security software to avoid detection while moving laterally within the network, exfiltrating sensitive data using tools like FileZilla, WinRAR, and AnyDesk.

COUNTERINTELLIGENCE TIPSA spear phishing attack is an attempt to acquire sensitive information or access to acomputer system by sending counterfeit messages that appear to be legitimateCOUNTERINTELLIGENCE TIPS: A spear phishing attack is an attempt to acquire sensitive information or access to a computer system by sending counterfeit messages that appear to be legitimate. Source.

Unlike some other ransomware groups, Akira does not leave an initial ransom demand or payment instructions on compromised networks. Instead, the gang waits for the victim to contact them before relaying the ransom amount and payment details.

Akira demands that ransom payments be made in Bitcoin, with the threat actors providing cryptocurrency wallet addresses for the victims to use. To further pressure their victims, Akira threatens to publish exfiltrated data on the Tor network and, in some instances, has even resorted to calling the victimized companies directly.

The Akira ransomware gang has claimed responsibility for a series of high-profile attacks in 2024, including incidents involving

  • Cloud hosting services provider Tietoevry
  • Stanford Universit
  • A major U.S. railroad company
  • The government of Nassau Bay in Texas
  • Bluefield University
  • Astate-owned bank in South Africa,
  • A Foreign exchange broker London Capital Group
  • Yamaha’s Canadian music division.

In response to the growing threat posed by Akira, the FBI, CISA, EC3, and NCSC-NL have released a joint cybersecurity advisory to raise awareness about the ransomware gang and provide mitigation techniques for organizations to protect themselves.

The advisory recommends implementing a recovery plan, enabling MFA, filtering network traffic, disabling unused ports and hyperlinks, and employing system-wide encryption to reduce the risk of a successful Akira attack.

The advisory also urges organizations to continually test their security programs at scale in a production environment to ensure optimal performance against the MITRE ATT&CK techniques identified in the report.

By following these best practices and remaining vigilant, businesses and critical infrastructure entities can better defend themselves against the evolving tactics of the Akira ransomware gang and other cybercriminal groups.

The post Akira’s Reign of Terror: Ransomware Gang Targets 250+ Organizations, Earns $42 Million appeared first on Blockonomi.

Read Entire Article
  1. Homepage
  2. Blockonomi
  3. Akira’s Reign of Terror: Ransomware Gang Targets 250+ Organizations, Earns $42 Million

Related

Industry Expert Who Called Solana’s (SOL) Recovery After 2022 FTX Drama Says This Dogecoin (DOGE) Rival Priced Under $0.02 Will Reach $1 Within 90 Days

Industry Expert Who Called Solana’s (SOL) Recovery After 202...

31 minutes ago 1
MicroStrategy Develops Decentralized Identity With Bitcoin’s Ordinals Tech

MicroStrategy Develops Decentralized Identity With Bitcoin’s...

3 hours ago 6
Quickex Expands Cryptocurrency Options with Over 200 Coins Available for Exchange

Quickex Expands Cryptocurrency Options with Over 200 Coins A...

5 hours ago 6
Tether Shatters Profit Records: Inside the Stablecoin Giant’s $4.52 Billion Quarter

Tether Shatters Profit Records: Inside the Stablecoin Giant’...

5 hours ago 6

Trending

1. Gladiator
2. Adrian Newey
3. James Harden
4. Clippers
5. Ryan Garcia
6. Monterrey Columbus Crew
7. Harvey Weinstein
8. Cher
9. Breast cancer screenings
10. Mount Horeb

Popular

May crypto token unlocks valued over $3.6b

May crypto token unlocks valued over $3.6b

21 hours ago 45
Starbucks (NASDAQ: SBUX) Q2 Fiscal 2024 Results Leave Investors With a Bitter Taste In Their Mouths

Starbucks (NASDAQ: SBUX) Q2 Fiscal 2024 Results Leave Invest...

18 hours ago 41
BlackRock’s Spot Bitcoin ETF Records Outflows For the First Time in 77 Days

BlackRock’s Spot Bitcoin ETF Records Outflows For the First ...

9 hours ago 38
Meme Coin BONK Susceptible to 50% Decline Amid Bearish Cues

Meme Coin BONK Susceptible to 50% Decline Amid Bearish Cues

19 hours ago 29
Celestia (TIA) Price Targets $7 as Investors Pull Back

Celestia (TIA) Price Targets $7 as Investors Pull Back

15 hours ago 29
English (US) English (US) ·
About Us · Contact Us · Terms & Conditions ·

© CoinDesk 2024. All rights are reserved