Bitcoin ransomware Akira drains $42M from more than 250 companies: FBI

Last year, the ransomware gang known as Akira infiltrated over 250 organizations and managed to extort around $42 million in ransoms. This alarming news was shared by leading international cybersecurity organizations.

The FBI in the United States has reported that Akira ransomware has been attacking businesses and crucial entities in North America, Europe, and Australia since March 2023. Originally focusing on Windows operating systems, more recent discoveries by the FBI have uncovered a Linux version of this malware as well.

The FBI, CISA, Europol’s European Cybercrime Centre (EC3), and the Netherlands’ National Cyber Security Centre (NCSC-NL) have issued a joint cybersecurity advisory (CSA) to warn the public about the threat.

According to the advisory, Akira gains initial access through unsecured, pre-installed virtual private networks (VPNs) that lack two-factor authentication (2FA). The ransomware then harvests login credentials and other valuable data before encrypting the system and presenting a demand for payment.

“Akira threat actors do not leave an initial ransom demand or payment instructions on compromised networks, and do not relay this information until contacted by the victim.”

Ransomware attackers ask infected companies to pay them in Bitcoin for restoring access to their systems. Once they’ve gained entry, these cybercriminals typically disable security measures to keep their presence hidden.

The advisory recommends several mitigations, including creating a recovery plan, enabling multifactor authentication, filtering internet traffic, disabling unused ports and hyperlinks, and encrypting systems in their entirety.

The FBI, CISA, EC3, and NCSC-NL advise regularly testing your security controls under real-world conditions, at full scale, to confirm they perform well against the MITRE ATT&CK tactics mentioned in this alert.

Previously, the FBI, Cybersecurity and Infrastructure Security Agency (CISA), National Cyber Security Centre (NCSC) of the United Kingdom, and the National Security Agency (NSA) issued warnings about malware threatening crypto wallets and digital currency exchanges.

The report revealed that the malware was extracting certain data from directories belonging to the Binance, Coinbase, and Trust Wallet apps. It specified that every file in these directories was being stolen, regardless of type.

2024-04-19 11:00