Crypto News – Akira Ransomware Group Targeting Businesses Globally, FBI Investigation Reveals
The Akira ransomware group has come under scrutiny from the U.S. Federal Bureau of Investigation (FBI) for its extensive targeting of businesses and critical infrastructure across North America, Europe, and Australia since March 2023.
In a joint effort involving top global cybersecurity agencies such as the FBI, Cybersecurity and Infrastructure Security Agency (CISA), Europol’s European Cybercrime Centre (EC3), and the Netherlands’ National Cyber Security Centre (NCSC-NL), it was revealed that Akira, a year-old ransomware group, has breached over 250 organizations, accumulating roughly $42 million in ransomware proceeds.
The FBI’s investigations unveiled that Akira ransomware, initially focused on Windows systems, has recently expanded its reach to include Linux variants. The modus operandi involves exploiting vulnerabilities in pre-installed virtual private networks (VPNs) lacking multifactor authentication (MFA). Upon gaining entry, Akira extracts sensitive information and credentials before encrypting systems and displaying a ransom note.
Notably, Akira refrains from leaving initial ransom demands on compromised networks, providing payment instructions only after the victim makes contact. Payment, typically demanded in Bitcoin, is required to restore access. The ransomware often disables security software to evade detection.
To combat this threat, the joint cybersecurity advisory emphasizes implementing robust mitigation strategies, including the development of recovery plans, MFA deployment, network traffic filtering, deactivation of unused ports and hyperlinks, and widespread encryption measures.
Furthermore, the advisory stresses the importance of regularly testing security protocols at scale in live environments to effectively counter the identified MITRE ATT&CK techniques employed by Akira.
This collaborative effort by the FBI, CISA, EC3, and NCSC-NL underscores the seriousness of the threat posed by Akira ransomware and the necessity for proactive cybersecurity measures.
It’s worth noting that prior alerts from the FBI, CISA, NCSC, and the U.S. National Security Agency (NSA) highlighted the targeting of cryptocurrency wallets and exchanges by malicious actors, with data extracted from platforms like Binance, Coinbase, and Trust Wallet, irrespective of file type.