
Akira’s Reign: Ransomware Gang Hits 250 Orgs, $42M! 💰


Introduction: Akira's Reign of Terror Ransomware Gang Earns $42 Million Targeting 250 Organizations

The Akira ransomware gang has been identified as a significant threat to businesses and critical infrastructure entities in North America, Europe, and Australia. The United States Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Europol’s European Cybercrime Centre (EC3), and the Netherlands’ National Cyber Security Centre (NCSC-NL) issued a joint cybersecurity advisory warning about the group's activities.

The Akira ransomware gang uses sophisticated hybrid encryption techniques and multiple ransomware variants to target vulnerable Cisco VPNs. The group has impacted over 250 organizations and claimed approximately $42 million in ransomware proceeds as of January 1, 2024, according to the advisory. The gang has been observed targeting organizations across various industries, including critical infrastructure entities.

TLDR

The Akira ransomware gang has targeted over 250 organizations since March 2023 and has earned approximately $42 million in ransoms. Initially targeting Windows systems, the group has recently deployed a Linux variant that targets VMware ESXi virtual machines. The gang exploits known Cisco vulnerabilities and uses spearphishing campaigns to breach organizations, disabling security software to avoid detection while moving laterally within the network. Akira demands ransom payments in Bitcoin and threatens to publish exfiltrated data on the Tor network if the victim does not comply.

The FBI, CISA, EC3, and NCSC-NL have released a joint cybersecurity advisory to raise awareness about the threat and provide mitigation techniques, such as implementing a recovery plan, MFA, filtering network traffic, and system-wide encryption.

Akira Ransomware Group

Since its emergence in March 2023, the Akira ransomware group has conducted over 250 attacks, amassing approximately $42 million in ransom payments from its victims. Experts believe that the group is composed of experienced ransomware actors who have quickly adapted their tactics to maximize their impact and profits.

Targeted Organizations

Akira initially targeted Windows systems but has recently expanded its operations by deploying a Linux variant that specifically targets VMware ESXi virtual machines. These virtual machines are widely used by large businesses and organizations, making them prime targets for the ransomware group.

Initial Access

To breach their victims’ networks, Akira exploits known Cisco vulnerabilities, such as CVE-2020-3259 and CVE-2023-20269, targeting virtual private network (VPN) services that lack multifactor authentication (MFA). The gang employs spearphishing campaigns and other tools to gain initial access to their targets’ systems.

Impact

Once inside, Akira typically disables security software to avoid detection while moving laterally within the network, exfiltrating sensitive data using tools like FileZilla, WinRAR, and AnyDesk. Unlike some other ransomware groups, Akira does not leave an initial ransom demand or payment instructions on compromised networks. Instead, the gang waits for the victim to contact them before relaying the ransom amount and payment details.
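
For defenders, the staging-then-transfer pattern described above can be hunted in process-creation telemetry. The sketch below is an added example, not taken from the advisory: the JSON field names and the sample events are constructed, and because FileZilla, WinRAR and AnyDesk are legitimate tools, it alerts only when an archiver is followed by a transfer or remote-access tool on the same host and account within a time window.

```python
import json
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Tools the article names, grouped by role: archive staging vs. transfer/remote access.
ARCHIVERS = {"winrar.exe", "rar.exe"}
TRANSFER = {"filezilla.exe", "anydesk.exe"}

# Constructed sample events; the schema (ts, host, user, image) is an assumption.
SAMPLE_LOG = r"""
{"ts": "2024-05-01T02:10:00", "host": "FS01", "user": "svc_backup", "image": "C:\\Program Files\\WinRAR\\Rar.exe"}
{"ts": "2024-05-01T02:41:00", "host": "FS01", "user": "svc_backup", "image": "C:\\Users\\Public\\FileZilla.exe"}
{"ts": "2024-05-01T09:00:00", "host": "WS07", "user": "alice", "image": "C:\\Program Files\\WinRAR\\WinRAR.exe"}
{"ts": "2024-05-01T15:30:00", "host": "WS07", "user": "alice", "image": "C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe"}
{"ts": "2024-05-01T11:00:00", "host": "WS09", "user": "bob", "image": "C:\\Program Files\\FileZilla FTP Client\\filezilla.exe"}
"""

def parse(log_text):
    """Yield (timestamp, host, user, lower-cased executable name) per event."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        name = PureWindowsPath(ev["image"]).name.lower()
        yield datetime.fromisoformat(ev["ts"]), ev["host"], ev["user"], name

def hunt(log_text, window=timedelta(hours=1)):
    """Return alerts where an archiver run is followed by a transfer tool
    on the same host and account within `window`."""
    last_archive = {}  # (host, user) -> time of most recent archiver start
    alerts = []
    for ts, host, user, name in sorted(parse(log_text)):
        key = (host, user)
        if name in ARCHIVERS:
            last_archive[key] = ts
        elif name in TRANSFER and key in last_archive:
            gap = ts - last_archive[key]
            if gap <= window:
                alerts.append({"host": host, "user": user, "tool": name,
                               "minutes_after_archive": int(gap.total_seconds() // 60)})
    return alerts

if __name__ == "__main__":
    for alert in hunt(SAMPLE_LOG):
        print(alert)
```

Matching on executable names is easy to evade by renaming, so treat hits as leads to review against a baseline of which hosts and accounts normally run these tools.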

Ransom Payments

Akira demands that ransom payments be made in Bitcoin, with the threat actors providing cryptocurrency wallet addresses for the victims to use. To further pressure their victims, Akira threatens to publish exfiltrated data on the Tor network and, in some instances, has even resorted to calling the victimized companies directly.

Mitigations

In response to the growing threat posed by Akira, the FBI, CISA, EC3, and NCSC-NL have released a joint cybersecurity advisory to raise awareness about the ransomware group and provide mitigation techniques for organizations to protect themselves. The advisory recommends implementing a recovery plan, enabling MFA, filtering network traffic, disabling unused ports and hyperlinks, and employing system-wide encryption to reduce the risk of a successful Akira attack. The advisory also urges organizations to continually test their security programs at scale in a production environment to ensure optimal performance against the MITRE ATT&CK techniques identified in the report.

Conclusion and Personal Recommendation

In conclusion, the Akira ransomware gang has caused significant damage to a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia. The group has conducted over 250 attacks and amassed approximately $42 million in ransom payments from its victims in just one year. The rapid success and substantial earnings of the Akira ransomware gang have led experts to believe that it is composed of experienced ransomware actors who have quickly adapted their tactics to maximize their impact and profits.

To protect against ransomware attacks like those conducted by the Akira group, individuals and organizations should take the following precautions:

  • Keep all software up-to-date with the latest security patches and updates.
  • Use strong, unique passwords for all accounts.
  • Enable two-factor authentication wherever possible.
  • Regularly back up important data and store backups in a secure, offsite location.
  • Train employees on how to recognize and avoid phishing attacks.
  • Use anti-virus and anti-malware software.
  • Develop and test an incident response plan.

By following these best practices, individuals and organizations can help reduce their risk of falling victim to ransomware attacks like those conducted by the Akira group.

Frequently Asked Questions

What methods does the Akira's Reign of Terror ransomware gang use to infiltrate organizations?

Akira's Reign of Terror ransomware gang uses various methods to infiltrate organizations, including phishing emails, exploiting vulnerabilities in software, and using stolen login credentials.

How much has Akira's Reign of Terror ransomware gang reportedly earned from their attacks?

According to reports, Akira's Reign of Terror ransomware gang has earned approximately $42 million from their attacks on over 250 organizations worldwide.

What types of organizations have been primarily targeted by Akira's Reign of Terror ransomware gang?

Akira's Reign of Terror ransomware gang has primarily targeted critical infrastructure organizations, including healthcare facilities, transportation systems, and energy companies.

What steps can organizations take to protect themselves from ransomware attacks like those carried out by Akira's Reign of Terror?

Organizations can take several steps to protect themselves from ransomware attacks, including regularly backing up data, implementing strong password policies, keeping software up to date, and providing employee training on how to identify and avoid phishing emails.

How does the Akira's Reign of Terror ransomware operate once it has infected a system?

Once it has infected a system, the Akira's Reign of Terror ransomware encrypts files and demands payment in exchange for the decryption key. The ransomware also threatens to leak sensitive information if the ransom is not paid.

What actions have law enforcement agencies taken to address the threat posed by the Akira's Reign of Terror ransomware gang?

Law enforcement agencies, including the FBI and Europol, have issued joint advisories on the threat posed by Akira's Reign of Terror ransomware gang and encouraged organizations to implement mitigations to reduce the risk of attacks. They have also worked to disrupt the gang's operations and bring its members to justice.
