The U.S. Federal Bureau of Investigation (FBI) has issued a stark warning regarding the activities of the relatively new ransomware group known as Akira, which has made significant inroads into compromising the security of over 250 organizations. According to the FBI's investigation, Akira has managed to amass approximately $42 million in ransomware proceeds by targeting enterprises and critical infrastructure entities across North America, Europe, and Australia since March 2023.
Initially focused on Windows systems, Akira ransomware has now expanded its reach to include Linux variants, broadening its scope of potential victims. This development has prompted a joint Cybersecurity Advisory (CSA) from the FBI, Cybersecurity and Infrastructure Security Agency (CISA), Europol’s European Cybercrime Center (EC3), and the Dutch National Cyber Security Center (NCSC-NL), aimed at disseminating awareness about the threat posed by Akira to a wider audience.
The advisory outlines the modus operandi of Akira, detailing how the ransomware gains initial access through vulnerable pre-installed virtual private networks (VPNs) lacking multi-factor authentication (MFA). Once inside the system, Akira proceeds to extract credentials and other sensitive information before encrypting the system and displaying a ransom message. Notably, Akira threat actors refrain from issuing an initial ransom demand or payment instructions until directly contacted by the victim organization.
To mitigate the threat posed by Akira and similar ransomware attacks, the advisory recommends implementing robust recovery plans and MFA, filtering network traffic, disabling unused ports and hyperlinks, and implementing system-wide encryption. Additionally, the FBI, CISA, EC3, and NCSC-NL emphasize the importance of ongoing testing of security programs to ensure optimal performance against the identified MITRE ATT&CK techniques.
Prior warnings issued by the FBI, CISA, NCSC, and the National Security Agency (NSA) have highlighted the prevalence of malware targeting cryptocurrency wallets and exchanges. The latest report reveals that Akira has been successful in extracting data from prominent exchange applications such as Binance and Coinbase, as well as the Trust Wallet application directory, underscoring the need for heightened vigilance and proactive cybersecurity measures in the face of evolving cyber threats.