Subscribe to Newsletters

Curated Content | Thought Leadership | Technology News

Government Agencies Issue New Joint Advisory for Akira Ransomware Group

$42 million stolen thus far.
Ryan Uliss
Contributing Writer

The Akira ransomware gang has emerged as a formidable and relentless cybercriminal force, leaving a trail of devastation in its wake. A joint advisory from the FBI, CISA, Europol, and the Netherlands’ National Cyber Security Centre claims that this malicious group has successfully targeted more than 250 organizations across North America, Europe, and Australia over the past year alone.

The advisory sheds light on the staggering financial impact of Akira’s activities, with the group amassing a staggering $42 million in ransomware payments from its victims since March of 2023.

Masters of Adaptability

What sets Akira apart is its adaptability and the relentless evolution of its tactics. Initially targeting Windows systems, the group quickly expanded its arsenal by deploying a Linux variant specifically designed to infiltrate VMware ESXi virtual machines – a platform widely used by numerous large enterprises and organizations.

In a disturbing development, Akira has demonstrated the ability to simultaneously unleash multiple ransomware variants against different system architectures within a single attack. This tactical shift marks a concerning escalation of the group’s capabilities, making it an even more formidable adversary.

Akira’s ransomware actors have proven adept at exploiting known vulnerabilities, particularly in Cisco VPN services that lack proper multifactor authentication (MFA) protection. The group has leveraged known flaws such as CVE-2020-3259 and CVE-2023-20269 to gain initial access to target networks.

A Jack of All Trades

However, Akira’s arsenal extends beyond technical vulnerabilities. The group also employs social engineering tactics, including spearphishing campaigns and the abuse of valid credentials, to breach organizations and establish a foothold within their systems.

Once inside a target network, Akira’s operators swiftly disable security measures to evade detection while systematically expanding their presence. They create new domain accounts to establish persistence, leverage techniques like “Kerberoasting” for credential extraction, and employ tools such as Mimikatz and LaZagne for privilege escalation.

Reconnaissance efforts are conducted using tools like Advanced IP Scanner and SoftPerfect, allowing the group to map out the compromised environment and identify high-value assets for potential data exfiltration or encryption.

Encryption and Exfiltration

Akira’s encryption capabilities have become particularly concerning to many as the group employs a “sophisticated hybrid encryption scheme” that tailors encryption methods based on file type and size, enabling both full and partial encryption of targeted data.

Furthermore, the group has demonstrated a willingness to exfiltrate sensitive data from compromised systems, using tools like FileZilla and WinRAR. This tactic heightens the pressure on victims, as the threat of data exposure adds to the urgency of paying the ransom demand.

The Wrap

In the face of Akira’s relentless onslaught, the advisory from law enforcement and cybersecurity agencies provides a roadmap for organizations to enhance their defenses. Key recommendations include implementing detailed recovery plans, enforcing multifactor authentication, staying up-to-date with security patches, and segmenting networks to limit the potential impact of a breach.

By fostering a culture of cybersecurity awareness, implementing stringent security measures, and staying informed about emerging threats, organizations can fortify their defenses against Akira and other ransomware menace.

☀️ Subscribe to the Early Morning Byte! Begin your day informed, engaged, and ready to lead with the latest in technology news and thought leadership.

☀️ Your latest edition of the Early Morning Byte is here! Kickstart your day informed, engaged, and ready to lead with the latest in technology news and thought leadership.

ADVERTISEMENT

×
You have free article(s) left this month courtesy of CIO Partners.

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Would You Like To Save Articles?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Thanks for subscribing!

We’re excited to have you on board. Stay tuned for the latest technology news delivered straight to your inbox.

Save My Spot For TNCR LIVE!

Thursday April 18th

9 AM Pacific / 11 PM Central / 12 PM Eastern

Register for Unlimited Access

Already a member?

Digital Monthly

$12.00/ month

Billed Monthly

Digital Annual

$10.00/ month

Billed Annually

Would You Like To Save Books?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Log In To Access Premium Features

Sign Up For A Free Account

Please enable JavaScript in your browser to complete this form.
Name
Newsletters