Akira, a year-old ransomware group, breached more than 250 organizations and extracted approximately $42 million in ransomware proceeds, top global cybersecurity agencies alerted.
Investigations conducted by the United States Federal Bureau of Investigation (FBI) found that Akira ransomware has been targeting businesses and critical infrastructure entities in North America, Europe and Australia since March 2023. While the ransomware initially targeted Windows systems, the FBI recently found Akira’s Linux variant as well.
The FBI, along with Cybersecurity and Infrastructure Security Agency (CISA), Europol’s European Cybercrime Centre (EC3) and the Netherlands’ National Cyber Security Centre (NCSC-NL), released a joint cybersecurity advisory (CSA) to “disseminate” the threat to masses.
According to the advisory, Akira gains initial access through pre-installed virtual private networks (VPNs) that lack multifactor authentication (MFA). The ransomware then proceeds to extract credentials and other sensitive information before locking up the system and displaying a ransom note.
“Akira threat actors do not leave an initial ransom demand or payment instructions on compromised networks, and do not relay this information until contacted by the victim.”
The ransomware group demands payments in Bitcoin (BTC) from the victim organizations to restore access. Such malware often disables security software after initial access to avoid detection.
Some of the threat mitigation techniques recommended in the advisory are implementing a recovery plan and MFA, filtering network traffic, disabling unused ports and hyperlinks and system-wide encryption.
“The FBI, CISA, EC3, and NCSC-NL recommend continually testing your security program, at scale, in a production environment to ensure optimal performance against the MITRE ATT&CK techniques identified in this advisory,” the agencies concluded.
Related: Mystery malware targets Call of Duty cheaters, stealing their Bitcoin
The FBI, CISA, NCSC and the U.S. National Security Agency (NSA) previously issued alerts about malware that was being used to target crypto wallets and exchanges.
The report noted that some of the data extracted by the malware included data within the directories of the Binance and Coinbase exchange applications and the Trust Wallet application. According to the report, every file in the directories listed is being exfiltrated regardless of type.
Magazine: Get Bitcoin or die tryin’: Why hip hop stars love crypto