Akira, the ransomware that stole $42 million from over 250 organizations across North America, Europe and Australia within a year, is now actively targeting businesses in Singapore.
Singaporean authorities issued a joint advisory alerting local businesses about the rising threat of an Akira ransomware variant.
The alert comes after agencies, including the Cyber Security Agency of Singapore, the Singapore Police Force and the Personal Data Protection Commission, recently received several complaints from victims of the cyberattack.
Primary targets of Akira ransomware
Prior investigations conducted by the United States Federal Bureau of Investigation found that Akira ransomware has been targeting businesses and critical infrastructure entities.
The Singaporean authorities explained ways to detect, deter and neutralize Akira attacks. Businesses that have been compromised are advised to refrain from paying ransom to the attackers.
Refrain from paying ransom
Akira members demand payments in cryptocurrencies such as Bitcoin (BTC) to return control of victims' computer systems and internal data. However, Singapore authorities have asked businesses not to make payments:
“If your organization’s systems have been compromised with ransomware, we do not recommend paying the ransom and advise you to report the incident immediately to the authorities. Paying the ransom does not guarantee that the data will be decrypted or that threat actors will not publish your data.”
Additionally, malicious entities may attempt another attack in hopes of more ransom. The FBI found that Akira never contacts the victims and expects them to reach out.
Some recommended threat mitigation techniques are implementing a recovery plan and multifactor authentication, filtering network traffic, disabling unused ports and hyperlinks, and system-wide encryption.
Cybersecurity firm Kaspersky recently found that North Korean hackers were targeting South Korean crypto businesses using Durian malware.
“Durian boasts comprehensive backdoor functionality, enabling the execution of delivered commands, additional file downloads, and exfiltration of files,” explained Kaspersky.
Additionally, Kaspersky noted that LazyLoad was also used by Andariel, a sub-group within fellow North Korean hacking consortium Lazarus Group — suggesting a “tenuous” connection between Kimsuky and the more notorious hacking group.