The FBI, in collaboration with CISA, Europol European Cybercrime Centre, and the Netherlands NCSC, has issued a stark warning regarding the Akira Ransomware gang, which has amassed a staggering $42 million from approximately 230 companies as of January 24th, 2024.
The Akira criminal syndicate, unleashed into the digital realm in February 2023, has shifted its attention to VMware virtual machines, employing Linux encryptors on the underlying operating systems.
Law enforcement officials report that the Akira operatives consistently demand ransom payments ranging from $200,000 to millions of dollars, tailored to the scale of the targeted organizations. Typically, these demands are made in Bitcoin (BTC), with occasional requests for the more anonymous Monero currency.
Prominent victims of Akira’s extortion tactics include Nissan Oceania and Stanford University, with a significant portion of small and medium-sized businesses falling prey across Australia, North America, and Europe.
Sophos X-Ops highlights Akira’s modus operandi, whereby they infiltrate corporate networks by initially compromising VPNs through pilfered credentials. In instances where VPN vulnerabilities exist, they exploit weaknesses in virtual private network systems such as Cisco AnyConnect and Cisco ASA SSL VPN.
Network administrators are strongly advised to swiftly address vulnerabilities through patching and prioritize the implementation of multi-factor authentication and robust password protocols across all web services, including VPNs and webmail.
Furthermore, safeguarding Command and Control (C2) channels, where hackers not only extract or transmit data but also issue commands to compromised hosts, is paramount. Endpoint protection measures and securing Remote Desktop Protocols (RDPs) are also recommended strategies in fortifying defenses against such threat actors.
Amidst the backdrop of Bitcoin’s soaring value, exceeding the $64,000 USD threshold, the prospect of acquiring cryptocurrency for ransom payments presents significant challenges. Instead, organizations are encouraged to invest in robust backup solutions integrated with cloud infrastructure and rely on vigilant threat monitoring systems to proactively detect and mitigate ransomware threats
