Akira Strikes: $42M Bitcoin Ransomware Raid On 250+ Firms Unveiled By FBI

According to global cybersecurity authorities, a ransomware group known as Akira has been active for about a year and has breached over 250 organizations, resulting in approximately $42 million in ransom payments.

The United States Federal Bureau of Investigation (FBI) conducted investigations revealing that Akira ransomware has been targeting businesses and critical infrastructure across North America, Europe, and Australia since March 2023. Akira initially focused on Windows systems but, according to the FBI, has since expanded its reach to include Linux variants.

In response to this threat, the FBI, in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA), Europol’s European Cybercrime Centre (EC3), and the Netherlands’ National Cyber Security Centre (NCSC-NL), issued a joint cybersecurity advisory (CSA) to raise awareness and mitigate the risks posed by Akira.

Per the advisory, Akira initiates its infiltration via pre-installed virtual private networks (VPNs) devoid of multifactor authentication (MFA). Subsequently, the ransomware extracts credentials and sensitive data, culminating in a system lockdown and the display of a ransom note.

“Akira threat actors avoid leaving an initial ransom demand or payment instructions within compromised networks. They only disclose this information upon contact with the victim.”

The ransomware gang insists on receiving Bitcoin payments from the targeted organizations in exchange for restoring access. Once it gains initial entry, the malicious software frequently turns off security measures in order to avoid detection.

Cybersecurity best practices against ransomware attacks. Source: cisa.gov

Bitcoin Security: Mitigating Malware Threats

Moreover, as outlined in the advisory, mitigation strategies include enacting a recovery plan, enforcing multi-factor authentication (MFA), filtering network traffic, deactivating unused ports and hyperlinks, and implementing system-wide encryption.

The FBI, CISA, EC3, and NCSC-NL have jointly advised consistent and thorough testing of your security protocols within a live environment to ensure effective mitigation against the MITRE ATT&CK techniques outlined in this advisory.

The FBI, CISA, NCSC, and the U.S. National Security Agency (NSA) have all issued alerts about malware targeting crypto wallets and exchanges.

Directories where the malware extracted information. Source: National Cyber Security Centre

The report highlighted that the malware could extract data from directories within the Binance and Coinbase exchange applications and the Trust Wallet application. It stated that all files within these directories were being taken, irrespective of their type.
