Concerns over Akira Ransomware Group Unveiled by Global Agencies 🚨
Prominent global agencies have identified a new ransomware group known as Akira, which is only around a year old but is already causing significant disruption. The group has infiltrated more than 250 organizations worldwide and collected approximately $42 million in ransom payments.
FBI Investigations Uncover Akira’s Targeting of Businesses and Infrastructure 🔍
- The United States Federal Bureau of Investigation (FBI) has conducted investigations revealing that Akira has been actively attacking businesses and critical infrastructure across North America, Europe, and Australia since March 2023.
- Akira initially focused on Windows systems; however, the FBI discovered a Linux variant, expanding its threat scope.
Collaborative Efforts to Mitigate Akira Threats 🤝
In response to the increasing danger posed by Akira, a joint cybersecurity advisory (CSA) was issued by the FBI, Cybersecurity and Infrastructure Security Agency (CISA), Europol’s European Cybercrime Centre (EC3), and the Netherlands’ National Cyber Security Centre (NCSC-NL). The primary aim of this advisory is to raise awareness and minimize the risks associated with Akira attacks.
“Early versions of the Akira ransomware variant were written in C++ and encrypted files with a .akira extension; however, beginning in August 2023, some Akira attacks began deploying Megazord, using Rust-based code which encrypts files with a .powerranges extension. Akira threat actors have continued to use both Megazord and Akira, including Akira_v2 (identified by trusted third-party investigations) interchangeably.”
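For defenders triaging a suspect file share, the two extensions named in the advisory quote above can be used to tell which variant touched a volume and roughly when encryption began. The following is an added example, not code from the advisory or from this article. It assumes the extension is the final suffix of the encrypted file's name, and the function name `triage` and the variant labels are illustrative.

```python
import os
from collections import Counter
from datetime import datetime, timezone

# Extensions named in the advisory quote, mapped to an illustrative variant label.
VARIANT_BY_EXT = {".akira": "Akira (C++)", ".powerranges": "Megazord (Rust)"}


def triage(root):
    """Walk `root` and summarise files carrying an Akira-family extension.

    Returns per-variant counts, the most affected directories, and the
    earliest modification time seen, which is a rough lower bound for when
    encryption started on this volume (mtime can be altered, so treat it
    as a lead for the timeline, not as proof).
    """
    by_variant, by_dir, earliest = Counter(), Counter(), None
    # os.walk skips unreadable directories and does not follow symlinked dirs.
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()  # case-insensitive match
            variant = VARIANT_BY_EXT.get(ext)
            if variant is None:
                continue
            by_variant[variant] += 1
            by_dir[dirpath] += 1
            try:
                mtime = os.lstat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # file vanished or unreadable: counted, but no timestamp
            if earliest is None or mtime < earliest:
                earliest = mtime
    return {
        "by_variant": dict(by_variant),
        "worst_dirs": by_dir.most_common(5),
        "earliest_utc": (datetime.fromtimestamp(earliest, timezone.utc).isoformat()
                         if earliest is not None else None),
    }


if __name__ == "__main__":
    import sys
    print(triage(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Run it against a read-only mount or forensic copy so the scan does not disturb timestamps on the original evidence.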
Recent Incidents: Akira’s Targets 🎯
- Nissan Oceania and Stanford University have fallen victim to Akira’s ransomware attacks.
- Nissan Oceania reported a data breach impacting 100,000 individuals in March, while Stanford University disclosed a security issue affecting 27,000 individuals last month, with both incidents linked to Akira.
Tactics Employed by Akira Threat Actors 🛡️
- Akira’s threat actors utilize a double-extortion strategy by encrypting systems and then extracting data.
- The ransom note includes a unique code and a .onion URL for the victim to make contact, with ransom demands and payment instructions shared only upon communication.
- Ransom payments are typically made in Bitcoin to specified addresses, with threats to publish stolen data on the Tor network if demands are not met.
Resurgence of Ransomware Attacks in 2023 💣
Ransomware incidents surged in 2023, with ransom payments exceeding $1 billion, a record high.
Centralized exchanges and mixers emerged as primary avenues for laundering ransomware proceeds, dominating the financial channels involved. Nonetheless, newer laundering services such as bridges and instant exchangers gained traction throughout the year.