Cybersecurity agencies unite against Akira ransomware threat

- Akira targeted over 250 organizations, extracting close to $42 million.
- Ransomware initially targeted Windows systems.
- Akira gains initial access through pre-installed virtual private networks (VPNs) that lack multifactor authentication (MFA).
The ransomware group Akira, which emerged in 2023, has targeted over 250 organizations and extracted nearly $42 million in ransom payments, and top global cybersecurity agencies have now issued an alert about it.
Akira’s global reach and impact
Investigations conducted by the U.S. Federal Bureau of Investigation (FBI) revealed that, as of March 2023, the group has been targeting business and critical infrastructure entities in North America, Europe, and Australia. However, at the time, the Windows ransomware, which was the main one in use, was detected only by the FBI. Later, a variant that runs on Linux systems was also discovered.
In a joint effort, the FBI, together with CISA (Cybersecurity and Infrastructure Security Agency), EC3 (European Cybercrime Centre in Europol), and NCSC-NL (Netherlands’ National Cyber Security Center), published a cybersecurity advisory to “get the word out” to the wider public.
According to the advisory, Akira gains initial access via pre-installed VPNs that lack multifactor authentication (MFA). The ransomware then extracts credentials and other sensitive data, locks the systems, and displays ransom notes. The ransomware group demands payment in Bitcoin.
Continued vigilance
The community, including the local businesses that Hurricane Sandy also hit, is working towards recovery. Such malware often disables security software after initial access to avoid detection. Some of the threat mitigation techniques recommended in the advisory are implementing a recovery plan and MFA, filtering network traffic, disabling unused ports and hyperlinks, and system-wide encryption.
The FBI, CISA, EC3, and NCSC-NL recommend continually testing your security program at scale in a production environment to ensure optimal performance against the MITRE ATT&CK techniques identified in this advisory. The FBI, CISA, NCSC, and the U.S. National Security Agency (NSA) previously issued alerts about malware targeting crypto wallets and exchanges. The report noted that some of the data extracted by the malware included data within the directories of the Binance and Coinbase exchange applications and the Trust Wallet application.

Brian Koome
Brian Koome has over seven years of experience in blockchain and cryptocurrency reporting, having been active in the industry since 2017. He has contributed to leading publications, including BlockToday.com. Further, he developed the Ethereum 101 course for BitDegree.org before joining Cryptopolitan as a full-time writer. Brian covers evergreen guides (EGs), deep dives, interviews, and price analysis. His focus on DeFi, blockchain innovation, and emerging crypto projects delights readers.















