Combating Akira Ransomware: Strategies and Insights

CISA, FBI, and Europol warn of Akira ransomware targeting Windows and Linux systems. It uses "double extortion" tactics, with $42 million in ransoms paid. Key defenses: recognize infection signs, back up data, and avoid paying ransoms.

Global Alert - Understanding and Defending Against the Akira Ransomware Menace

Introduction

In a significant international collaboration, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), Europol’s European Cybercrime Centre (EC3), and the Netherlands’ National Cyber Security Centre (NCSC-NL) released a joint Cybersecurity Advisory (CSA) on 19 April 2024.

This advisory, titled #StopRansomware: Akira Ransomware, provides detailed information on the methods, tactics, and procedures of the Akira ransomware, which has been actively compromising systems globally.

Overview of Akira Ransomware

The Akira ransomware initially targeted Windows systems but has since evolved to affect Linux systems, specifically targeting VMware ESXi virtual machines. The ransomware utilises two primary strains of code: Megazord, which is Rust-based, and Akira, developed using C++.

Since its emergence in August 2023, Akira ransomware has severely impacted a wide array of sectors, including critical infrastructure in North America, Europe, and Australia, accruing about $42 million in ransom payments.

Impact and Scope

The widespread impact of Akira ransomware underscores the substantial threat it poses to international businesses and infrastructure.

It not only encrypts files but also employs "double extortion" tactics, where attackers exfiltrate sensitive data and threaten to release it unless a ransom is paid. This can lead to severe operational disruptions, data loss, financial loss, and reputational damage.

Mitigation Strategies

CISA and its partners strongly urge entities, especially those in critical infrastructure sectors, to review and implement the recommended mitigation strategies to minimise the risk and impact of ransomware attacks.

The updated #StopRansomware Guide, available on CISA’s dedicated webpage, offers comprehensive guidance and resources.

Guidelines to Manage Ransomware

Ransomware is an escalating threat that requires vigilant security practices to defend against. Here are some critical guidelines recommended by CISA and the Australian Cyber Security Centre (ACSC) to help manage and counter ransomware threats:

1. Recognise the Signs

Be aware of the typical indications of a ransomware infection, such as unexpected pop-ups demanding a ransom, inability to access certain files, or discovering files with unusual extensions or in unexpected locations.

2. Implement Preventive Measures

Avoid clicking on suspicious links, opening attachments from unknown sources, or visiting untrusted websites, as these are common vectors for ransomware dissemination.

3. Establish Robust Backups

Regularly back up important data and ensure that backups are not connected to your primary network. This helps in restoring critical data without yielding to ransom demands.

4. Never Pay the Ransom

Paying the ransom does not guarantee the recovery of your data and may expose you to further attacks. It also encourages the perpetuation of these malicious activities.

5. Seek Professional Help

In the event of a ransomware attack, contact relevant authorities or cyber security professionals immediately. For instance, organisations in Australia can call the ACSC Hotline at 1300 CYBER1 (1300 292 371) for 24/7 assistance.

The escalating threat of ransomware like Akira requires a coordinated and comprehensive approach to cybersecurity. By staying informed about the latest threats and adhering to established cybersecurity practices, organisations can better protect themselves from significant financial and operational harm.
