The Akira Ransomware Gang: A Growing Threat
The Akira ransomware gang has emerged as a significant threat to businesses and critical infrastructure entities across North America, Europe, and Australia, according to a recent joint cybersecurity advisory issued by key agencies such as the FBI and Europol.
Overview of Akira Ransomware Gang
- Akira has conducted over 250 attacks since March 2023, earning around $42 million in ransoms
- Initially targeted Windows systems, now deploying a Linux variant for VMware ESXi virtual machines
- Exploits known Cisco vulnerabilities and uses spearphishing campaigns to breach organizations
- Demands ransom payments in Bitcoin and threatens to publish data on the Tor network
- Key agencies have released a joint cybersecurity advisory to raise awareness and provide mitigation techniques
Evolution of Akira Ransomware Gang
Since its emergence in March 2023, the Akira ransomware gang has conducted a staggering 250 attacks, accumulating approximately $42 million in ransom payments. The rapid success and significant earnings of the gang indicate a high level of expertise and adaptability in their tactics.
Initially focusing on Windows systems, the gang has now expanded its operations by deploying a Linux variant targeting VMware ESXi virtual machines. This strategic shift is concerning as these virtual machines are widely used by large businesses and organizations, making them attractive targets for ransomware attacks.
Tactics and Techniques Employed by Akira
- Akira exploits known Cisco vulnerabilities, targeting VPN services without MFA
- Uses spearphishing campaigns and tools to gain initial access to systems
- Disables security software to avoid detection while moving laterally within the network
Unlike some ransomware groups, Akira does not leave ransom demands on compromised networks. Instead, the gang waits for victims to contact it for payment details. Payment is demanded in Bitcoin, with threats to publish data on the Tor network if victims do not comply.
Notable Attacks by Akira
- Cloud hosting services provider Tietoevry
- Stanford University
- Major U.S. railroad company
- Government of Nassau Bay in Texas
- Bluefield University
- State-owned bank in South Africa
- Foreign exchange broker London Capital Group
- Yamaha’s Canadian music division
Response and Mitigation Strategies
In response to the growing threat of Akira ransomware attacks, key agencies have released a joint cybersecurity advisory to raise awareness and provide mitigation techniques for organizations:
- Implement a recovery plan
- Enable MFA
- Filter network traffic
- Disable unused ports and hyperlinks
- Employ system-wide encryption
The advisory also emphasizes the importance of continuously testing security programs to optimize performance against identified attack techniques.
Protecting Against Akira and Cybercriminals
By following best practices and remaining vigilant, businesses and critical infrastructure entities can enhance their defenses against evolving tactics employed by ransomware gangs like Akira. Implementing the recommended mitigation strategies can reduce the risk of falling victim to cyberattacks.
Hot Take: Stay Informed and Stay Secure
Stay informed about the threats posed by ransomware gangs like Akira and take proactive steps to safeguard your organization’s data and systems. By prioritizing cybersecurity measures and implementing mitigation techniques, you can effectively protect your business from cyber threats.