Singapore alerts businesses to Bitcoin ransomware risk

Singapore authorities advise against paying ransom to Akira ransomware and recommend immediate reporting and cybersecurity measures.
Singapore authorities advise against paying ransom to Akira ransomware and recommend immediate reporting and cybersecurity measures.

Akira, the ransomware that stole $42 million from over 250 organizations across North America, Europe and Australia within a year, is now actively targeting businesses in Singapore.

Singaporean authorities issued a joint advisory alerting local businesses about the rising threat of an Akira ransomware variant.

Source: Cyber Security Agency of Singapore

The alert comes after agencies, including the Cyber Security Agency of Singapore, the Singapore Police Force and the Personal Data Protection Commission, recently received several complaints from victims of the cyberattack.

Primary targets of Akira ransomware

Prior investigations conducted by the United States Federal Bureau of Investigation found that Akira ransomware has been targeting businesses and critical infrastructure entities.

Akira’s ransomware message to victims after successful hijacking. Source: Singapore Police

The Singaporean authorities explained ways to detect, deter and neutralize Akira attacks. Businesses that have been compromised are advised to refrain from paying ransom to the attackers.

Refrain from paying ransom

Akira members demand payments in cryptocurrencies such as Bitcoin (BTC) to return control of their computer systems and internal data. However, Singapore authorities have asked businesses not to make payments:

“If your organization’s systems have been compromised with ransomware, we do not recommend paying the ransom and advise you to report the incident immediately to the authorities. Paying the ransom does not guarantee that the data will be decrypted or that threat actors will not publish your data.”

Additionally, malicious entities may attempt another attack in hopes of more ransom. FBI found that Akira never contacts the victims and expects them to reach out.

Cybersecurity best practices against ransomware attacks. Source: cisa.gov

Some recommended threat mitigation techniques are implementing a recovery plan and multifactor authentication, filtering network traffic, disabling unused ports and hyperlinks and system-wide encryption.

Related: Ransomware returns: Chainalysis flags record $1B payments in 2023

Cybersecurity firm Kaspersky recently found that North Korean hackers were targeting South Korean crypto businesses using Durian malware.

Source: Kaspersky

“Durian boasts comprehensive backdoor functionality, enabling the execution of delivered commands, additional file downloads, and exfiltration of files,” explained Kaspersky.

Additionally, Kaspersky noted that LazyLoad was also used by Andariel, a sub-group within fellow North Korean hacking consortium Lazarus Group — suggesting a “tenuous” connection between Kimsuky and the more notorious hacking group.

Magazine: Longevity expert: AI will help us become ‘biologically immortal’ from 2030