Akira, a ransomware group that has been operating for roughly a year, has breached over 250 organizations and collected approximately $42 million in ransom payments, according to a joint advisory from international cybersecurity agencies.
The United States Federal Bureau of Investigation (FBI) found through its investigations that Akira ransomware has targeted businesses and critical infrastructure entities in North America, Europe, and Australia since March 2023. The ransomware initially focused on Windows systems; the FBI has since identified a Linux variant as well, aimed at VMware ESXi virtual machines.
To address the growing threat, the FBI, in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA), Europol’s European Cybercrime Centre (EC3), and the Netherlands’ National Cyber Security Centre (NCSC-NL), released a joint cybersecurity advisory. The purpose of the advisory is to raise awareness about the Akira ransomware and its potential impact.
According to the advisory, Akira operators gain initial access through virtual private network (VPN) services that have no multifactor authentication (MFA) configured. Once inside the network, they harvest credentials and exfiltrate sensitive data before encrypting systems and dropping a ransom note, so victims face both data leakage and loss of access (double extortion).
To regain access to their systems, victim organizations are directed to pay the ransom in Bitcoin (BTC). The operators also commonly disable security software after gaining access in order to evade detection.
The advisory recommends several mitigations, including implementing a recovery plan, requiring MFA, filtering network traffic, disabling unused ports and hyperlinks in received email, and keeping backups encrypted and immutable. The agencies also stress the importance of continually validating security controls against the attack techniques identified in the advisory.
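Two of the behaviours described above (successful VPN logins without MFA, followed by the same account stopping endpoint security software) can be checked directly in logs. The following is an added detection example written for this page; it is not code from the advisory or any of the agencies. The JSON-lines log schema, the field names (`event`, `user`, `src_ip`, `mfa`, `result`, `host`, `service`), the service name `SecurityAgent`, and the sample log lines themselves are all constructed assumptions for illustration; map your real VPN and endpoint logs onto them.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry). The JSON-lines schema and the
# field names are assumptions for this example.
SAMPLE_LOGS = """\
{"ts": "2024-04-18T02:11:05Z", "event": "vpn_login", "user": "jdoe", "src_ip": "203.0.113.7", "mfa": true, "result": "success"}
{"ts": "2024-04-18T02:13:40Z", "event": "vpn_login", "user": "svc_backup", "src_ip": "198.51.100.23", "mfa": false, "result": "success"}
{"ts": "2024-04-18T02:14:02Z", "event": "vpn_login", "user": "contractor1", "src_ip": "198.51.100.23", "mfa": false, "result": "failure"}
{"ts": "2024-04-18T02:31:17Z", "event": "service_stop", "host": "FS01", "user": "svc_backup", "service": "SecurityAgent"}
{"ts": "2024-04-18T09:02:00Z", "event": "service_stop", "host": "WS12", "user": "itadmin", "service": "SecurityAgent"}
"""

# Endpoint security services whose shutdown is treated as suspicious
# (assumed name; substitute the real product's service name).
SECURITY_SERVICES = {"SecurityAgent"}


def parse_logs(text):
    """Parse JSON-lines into event dicts, converting 'ts' to an aware datetime,
    and return them in chronological order."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def find_no_mfa_logins(events):
    """Successful VPN logins where no MFA factor was presented."""
    return [
        ev for ev in events
        if ev["event"] == "vpn_login"
        and ev["result"] == "success"
        and not ev.get("mfa", False)
    ]


def correlate_security_stops(events, window=timedelta(hours=2)):
    """Flag a security-service stop when the same user logged in to the VPN
    without MFA within `window` before the stop."""
    no_mfa_by_user = defaultdict(list)
    for ev in find_no_mfa_logins(events):
        no_mfa_by_user[ev["user"]].append(ev)

    alerts = []
    for ev in events:
        if ev["event"] != "service_stop" or ev["service"] not in SECURITY_SERVICES:
            continue
        for login in no_mfa_by_user.get(ev["user"], []):
            if login["ts"] <= ev["ts"] <= login["ts"] + window:
                alerts.append({
                    "user": ev["user"],
                    "host": ev["host"],
                    "service": ev["service"],
                    "src_ip": login["src_ip"],
                    "login_ts": login["ts"].isoformat(),
                    "stop_ts": ev["ts"].isoformat(),
                })
                break  # one alert per stop event is enough
    return alerts


if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    for ev in find_no_mfa_logins(evs):
        print(f"no-MFA VPN login: user={ev['user']} src={ev['src_ip']} at {ev['ts'].isoformat()}")
    for a in correlate_security_stops(evs):
        print(f"ALERT: {a['user']} stopped {a['service']} on {a['host']} at {a['stop_ts']} "
              f"after a no-MFA VPN login from {a['src_ip']} at {a['login_ts']}")
```

In the constructed sample, only `svc_backup` authenticates successfully without MFA, and the `SecurityAgent` stop on `FS01` eighteen minutes later by that account raises the correlated alert; the `itadmin` stop on `WS12` has no preceding no-MFA login and is left as a lower-priority, uncorrelated event. The first list on its own is the audit for the advisory's MFA recommendation: any entry in it is an account that should not have been able to log in.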
In a related development, the FBI, CISA, NCSC, and the U.S. National Security Agency (NSA) have previously issued alerts regarding malware that targets cryptocurrency wallets and exchanges.
The report notes that the malware collects data from the application directories of popular exchanges such as Binance and Coinbase, as well as from the Trust Wallet application; every file in the listed directories is exfiltrated regardless of file type.
In other news, an article explores why hip hop stars are showing a growing interest in cryptocurrencies, particularly Bitcoin.