🔥 Land A High Paying Web3 Job In 90 Days LEARN MORE

Cybersecurity agencies unite against Akira ransomware threat

In this post:

  • Akira targeted over 250 organizations, extracting close to $42 million.
  • Ransomware initially targeted Windows systems.
  • Akira gains initial access through pre-installed virtual private networks (VPNs) that lack multifactor authentication (MFA).

The cyber group Akira, born in 2023, targeted over 250 organizations, extracting nearly $42 million in illegal ransomware cashflows, which are now alerted to the top global cybersecurity agencies.

Akira’s global reach and impact

Investigations conducted by the U.S Federal Bureau of Investigation (FBI) revealed as of March 2023, the candidate is targeting business and critical infrastructure entities in North America, Europe, and Australia. However, at the time, ransomware on Windows, which was mainly used, was detected only by the FBI. Later, a variant that works on the Linux system was also discovered.

In their joint effort, the FBI, in conjunction with NCSICA (Cybersecurity and Infrastructure Security Agency), EC3(European Cybercrime Centre in Europol), and NCSC-NL(Netherlands’ National Cyber Security Center), published a cybersecurity advisory to “get the word out” to the large public.

According to the note, Akira is given initial access via previously installed VPNs without multifactor authentication (MFA). The ransomware then extracts the credentials and other sensitive data, locks the systems, and displays ransom notes. The ransomware group demands payment in Bitcoin.

Continued vigilance

The community, including the local businesses that Hurricane Sandy also hit, is working towards recovery. Such malware often disables security software after initial access to avoid detection. Some of the threat mitigation techniques recommended in the advisory are implementing a recovery plan and MFA, filtering network traffic, disabling unused ports and hyperlinks, and system-wide encryption.

See also  Animoca Brands on track to end 2024 as a VC funding leader

The FBI, CISA, EC3, and NCSC-NL recommend continually testing your security program at scale in a production environment to ensure optimal performance against the MITRE ATT&CK techniques identified in this advisory. The FBI, CISA, NCSC, and the U.S. National Security Agency (NSA) previously issued alerts about malware targeting crypto wallets and exchanges. The report noted that some of the data extracted by the malware included data within the directories of the Binance and Coinbase exchange applications and the Trust Wallet application.

From Zero to Web3 Pro: Your 90-Day Career Launch Plan

Share link:

Disclaimer: The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decision.

Most read

Loading Most Read articles...

Stay on top of crypto news, get daily updates in your inbox

Editor's choice

Loading Editor's Choice articles...
Cryptopolitan
Subscribe to CryptoPolitan