Bitcoin ransomware: Akira takes $42 million from over 250 businesses

The Akira ransomware organisation has been targeting corporations and key infrastructure institutions in North America, Europe, and Australia since March 2023, according to information uncovered by the U.S. FBI.

Leading international cybersecurity agencies were informed that Akira, a ransomware group that has been active for a year, had compromised over 250 organisations and taken away almost $42 million in ransomware revenues.

According to FBI investigations, since March 2023, businesses and critical infrastructure organisations in North America, Europe, and Australia have been the target of the Akira ransomware. Although Akira was first detected by the FBI targeting Linux systems, the ransomware was originally designed to target Windows systems.

A joint cybersecurity advisory (CSA) was released by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the European Cybercrime Centre (EC3) of Europol, and the National Cyber Security Centre (NCSC-NL) of the Netherlands in order to “disseminate” information about the threat to the general public.

Per the advisory, Akira obtains initial access via pre-installed virtual private networks (VPNs) that lack multifactor authentication (MFA). After extracting credentials and other private data, the malware locks down the computer and shows a ransom note.

“Akira threat actors do not post payment instructions or a ransom demand on infiltrated networks, and they withhold this information until the victim gets in touch with them.” The ransomware group demands payment in Bitcoin before the target organisations can regain access. After gaining access, this kind of malware frequently turns off security software to evade detection.

The report suggests a number of threat mitigation strategies, including system-wide encryption, blocking unused ports and linkages, filtering network traffic, and putting in place a recovery plan and MFA. To guarantee optimal performance against the MITRE ATT&CK techniques outlined in the advisory, the FBI, CISA, EC3, and NCSC-NL ended by recommending that your security programme be tested frequently, at scale, in a production environment.

Prior warnings concerning malware being used to target cryptocurrency wallets and exchanges were released by the FBI, CISA, NCSC, and the US National Security Agency (NSA).

According to the research, part of the data that the virus was able to collect came from the directories of the Trust Wallet software, the Binance and Coinbase trading programmes, and other apps. The report claims that every file, regardless of kind, in the specified directories is being exfiltrated.