Akira, a ransomware group that has been active for a year, has successfully infiltrated over 250 organizations and collected an estimated $42 million in ransom payments, according to prominent global cybersecurity agencies.
The United States Federal Bureau of Investigation (FBI) conducted an investigation into Akira and discovered that the group has been targeting businesses and critical infrastructure entities in North America, Europe, and Australia since March 2023. While the initial focus was on Windows systems, the FBI recently uncovered a Linux variant of the Akira ransomware.
To raise awareness about this threat, the FBI, alongside the Cybersecurity and Infrastructure Security Agency (CISA), Europol’s European Cybercrime Centre (EC3), and the Netherlands’ National Cyber Security Centre (NCSC-NL), jointly issued a cybersecurity advisory (CSA).
According to the advisory, Akira operators gain initial access through virtual private network (VPN) services that are not protected by multifactor authentication (MFA). Once inside, they harvest credentials and sensitive data, disable security software to evade detection, and only then encrypt systems and drop a ransom note. To recover their data, victim organizations are required to pay the ransom in Bitcoin (BTC).
The advisory lists several mitigations against ransomware attacks, including maintaining a tested recovery plan, requiring MFA, filtering network traffic, disabling unused ports, disabling hyperlinks in received email, and keeping encrypted, immutable backups that cover the organization's data.
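The initial access vector and the first mitigation above come down to one question a defender can check directly: does the VPN gateway ever start a session for a user who passed a password check but no second factor? The script below is an added example, not code from the advisory or from any vendor; it runs over a constructed, hypothetical log format (the `user=`/`src=`/`event=` fields and event names are assumptions, and a real gateway's events would need to be mapped onto them) and flags every session that began without a preceding successful MFA step for the same user and source address.

```python
"""Added example: audit constructed VPN authentication logs for sessions
that were established without a completed MFA step.

The log format below is hypothetical. Real VPN gateways emit different
events; map them onto password_ok / mfa_ok / session_start before use.
"""
import re

# Constructed line format: "<timestamp> vpn user=<u> src=<ip> event=<e>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) vpn user=(?P<user>\S+) src=(?P<src>\S+) event=(?P<event>\S+)$"
)

# Constructed sample log (not real data). jdoe completes MFA; svc_backup
# never sees an MFA prompt; asmith fails MFA yet still gets a session.
SAMPLE_LOG = """\
2024-04-18T03:12:01Z vpn user=jdoe src=203.0.113.5 event=password_ok
2024-04-18T03:12:04Z vpn user=jdoe src=203.0.113.5 event=mfa_ok
2024-04-18T03:12:05Z vpn user=jdoe src=203.0.113.5 event=session_start
2024-04-18T03:40:22Z vpn user=svc_backup src=198.51.100.77 event=password_ok
2024-04-18T03:40:23Z vpn user=svc_backup src=198.51.100.77 event=session_start
2024-04-18T04:01:10Z vpn user=asmith src=192.0.2.9 event=password_ok
2024-04-18T04:01:40Z vpn user=asmith src=192.0.2.9 event=mfa_fail
2024-04-18T04:02:00Z vpn user=asmith src=192.0.2.9 event=session_start
"""


def parse_events(log_text):
    """Yield one dict per line that matches the constructed format; skip the rest."""
    for line in log_text.splitlines():
        match = LOG_RE.match(line.strip())
        if match:
            yield match.groupdict()


def find_sessions_without_mfa(log_text):
    """Return session_start events not preceded by an mfa_ok since the most
    recent password_ok for the same (user, src) pair.

    Each finding is a dict with ts, user and src. An mfa_fail does not
    count as completion, so a gateway that opens a session after a failed
    or skipped second factor is reported either way.
    """
    mfa_passed = {}  # (user, src) -> True once mfa_ok is seen for this login
    findings = []
    for ev in parse_events(log_text):
        key = (ev["user"], ev["src"])
        if ev["event"] == "password_ok":
            mfa_passed[key] = False  # new login attempt; MFA not yet done
        elif ev["event"] == "mfa_ok":
            mfa_passed[key] = True
        elif ev["event"] == "session_start":
            if not mfa_passed.get(key, False):
                findings.append({"ts": ev["ts"], "user": ev["user"], "src": ev["src"]})
            mfa_passed.pop(key, None)  # reset state for the next login
    return findings


if __name__ == "__main__":
    for f in find_sessions_without_mfa(SAMPLE_LOG):
        print(f"NO-MFA SESSION {f['ts']} user={f['user']} src={f['src']}")
```

Running it on the sample reports svc_backup and asmith but not jdoe. Service accounts that log in without MFA, as svc_backup does here, are exactly the gap an attacker with stolen credentials needs; the fix is to enforce the second factor at the gateway for every account rather than to rely on this kind of after-the-fact audit alone.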
“The FBI, CISA, EC3, and NCSC-NL recommend continually testing your security program, at scale, in a production environment to ensure optimal performance against the MITRE ATT&CK techniques identified in this advisory,” the agencies concluded.
In a separate advisory, the FBI, CISA, the UK's National Cyber Security Centre (NCSC), and the U.S. National Security Agency (NSA) previously warned about malware that targets cryptocurrency wallet and exchange applications.
That report notes that the malware collects data from the directories used by the Binance and Coinbase exchange apps and by the Trust Wallet app, exfiltrating every file in those directories regardless of file type.