According to a joint advisory from the FBI, CISA, Europol’s European Cybercrime Centre (EC3), and the Netherlands’ National Cybersecurity Centre (NCSC-NL), the Akira ransomware operation has successfully infiltrated the networks of more than 250 organizations, accumulating approximately $42 million in ransom payments.
The Akira Ransomware Group
Emerging in March 2023, Akira gained notoriety by targeting victims across various industries on a global scale.
By June 2023, the ransomware developers associated with the group had developed and deployed a Linux encryptor specifically designed to target VMware ESXi virtual machines, which are extensively utilized by enterprise organizations.
The operators behind the Akira ransomware demand varying ransom amounts from affected organizations.
The requested ransoms range from $200,000 to several million dollars, depending on the size and scale of the compromised entity.
This demonstrates the flexible and adaptable nature of their extortion tactics, tailored to the financial capabilities of each targeted organization.
“As of January 1, 2024, the ransomware group has impacted over 250 organizations and claimed approximately $42 million (USD) in ransomware proceeds,” the joint advisory warns.
“Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia.”
In recent incidents, Akira ransomware has targeted notable organizations such as Nissan Oceania and Stanford University, resulting in data breaches that impacted a significant number of individuals.
Nissan Oceania reported a breach affecting 100,000 people in March, while Stanford University disclosed a breach involving the personal information of 27,000 individuals last month.
Since its emergence, Akira has expanded its list of targeted organizations, adding over 230 entities to its dark web leak website.
This highlights the group’s continued activity and the increasing number of victims falling prey to their attacks.
The advisory released today provides valuable guidance on mitigating the impact and reducing the risks associated with the attacks orchestrated by this ransomware gang.
It aims to assist organizations in enhancing their defenses and minimizing the potential consequences of Akira’s malicious activities.
Network defenders are strongly advised to prioritize the patching of known vulnerabilities that have already been exploited. It is crucial to enforce multifactor authentication (MFA) with strong passwords across all services, particularly for webmail, VPN, and accounts associated with critical systems. This helps safeguard against unauthorized access.
Furthermore, it is essential to regularly update and patch software to the latest versions to address any known vulnerabilities.
Conducting vulnerability assessments should be an integral part of standard security protocols to identify and address potential weaknesses in the network.
The joint advisory also includes indicators of compromise (IOCs) related to Akira ransomware and provides information on the tactics, techniques, and procedures (TTPs) observed during FBI investigations, as recently as February 2024. These resources aid in enhancing threat detection and response capabilities.
“The FBI, CISA, EC3, and NCSC-NL encourage organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of ransomware incidents,” they urged on Thursday.