Akira, a ransomware group only a year old, has already infiltrated over 250 organizations and secured roughly $42 million in ransoms, as reported by leading global cybersecurity agencies.
The FBI’s investigations indicate that Akira has been active since March 2023, attacking businesses and critical infrastructure in North America, Europe, and Australia.
Akira originally targeted Windows systems; the FBI has now identified a Linux variant of its ransomware as well.
In response, the FBI, along with the Cybersecurity and Infrastructure Security Agency (CISA), Europol’s European Cybercrime Centre (EC3), and the Netherlands’ National Cyber Security Centre (NCSC-NL), issued a joint cybersecurity advisory.
This advisory aims to raise public awareness about the Akira threat.
The advisory states that Akira typically gains entry through virtual private networks (VPNs) that are not secured with multifactor authentication (MFA).
After gaining access, Akira extracts user credentials and other sensitive data before locking the system and displaying a ransom note.
Notably, the advisory states, “Akira threat actors do not leave an initial ransom demand or payment instructions on compromised networks, and do not relay this information until contacted by the victim.”
Victims are then asked to pay a ransom in Bitcoin to regain access to their systems. Akira also takes steps to disable security software soon after infiltration to remain undetected.
To combat such threats, the advisory recommends several mitigation strategies, including the implementation of MFA, a recovery plan, filtering of network traffic, disabling of unused ports and hyperlinks, and the use of system-wide encryption.
The agencies emphasize the importance of continual testing of security measures.
“The FBI, CISA, EC3, and NCSC-NL recommend continually testing your security program, at scale, in a production environment to ensure optimal performance against the MITRE ATT&CK techniques identified in this advisory,” they advise.
Previously, the FBI, CISA, NCSC, and the U.S. National Security Agency (NSA) had also warned about malware targeting cryptocurrency wallets and exchanges.
This recent report points out that Akira’s malware extracts data from various cryptocurrency applications like Binance, Coinbase, and the Trust Wallet, emphasizing that it exfiltrates every file type found within the targeted directories.