
Akira Ransomware

Advisory
17 October 2023

 

Background

Akira is a ransomware group that was first observed in March 2023. Akira actors typically gain access to victims' devices using compromised credentials. The operators use multi-extortion tactics: they steal victims' critical data, then encrypt devices and files, and then demand a large ransom. Victims who do not pay are listed on the group's Tor-based leak site, together with the stolen data.

Akira commonly obtains initial access to targeted Windows and Linux environments through VPN services, particularly those where multi-factor authentication (MFA) has not been enforced for user accounts.

 

Impact

Once a system is infected, Akira first attempts to delete backups it can reach, including Windows Volume Shadow Copies, so that they cannot be used to restore encrypted data. Files are then encrypted and renamed with the .akira extension. A ransom is demanded in exchange for a decryptor and for deletion of the stolen data.
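The two host-side behaviours just described (backups and shadow copies being deleted shortly before encryption, and files appearing with a .akira extension) are what a defender can alert on. The following Python script is an added example and is not code from this advisory or from any of the vendors listed under References: it runs simple detection logic over a few constructed telemetry lines. The pipe-delimited log format, the shadow-copy deletion command patterns, and the threshold of five .akira files within 60 seconds are all assumptions chosen for illustration, not indicators published on this page.

```python
"""Added example: flag two behaviours described in the advisory over
constructed host telemetry. Not code from the advisory or its references."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs). Assumed format:
#   ISO-timestamp|host|kind|detail   where kind is "proc" or "file".
# The detail field may itself contain '|', so lines are split at most 3 times.
SAMPLE_EVENTS = r"""
2023-10-17T02:14:01|fs01|proc|powershell.exe -c "Get-WmiObject Win32_Shadowcopy | Remove-WmiObject"
2023-10-17T02:14:05|fs01|proc|vssadmin.exe delete shadows /all /quiet
2023-10-17T02:15:10|fs01|file|C:\Shares\Finance\Q3.xlsx.akira
2023-10-17T02:15:11|fs01|file|C:\Shares\Finance\Q3-notes.docx.akira
2023-10-17T02:15:11|fs01|file|C:\Shares\Finance\Budget.pptx.akira
2023-10-17T02:15:12|fs01|file|C:\Shares\HR\Payroll.csv.akira
2023-10-17T02:15:13|fs01|file|C:\Shares\Legal\Contracts.pdf.akira
2023-10-17T02:15:14|ws22|file|C:\Users\alice\Documents\report.docx
2023-10-17T02:15:20|ws22|proc|vssadmin.exe list shadows
2023-10-17T02:30:00|ws22|file|C:\Users\alice\Downloads\akira.txt
"""

# Assumed command patterns for backup / shadow-copy deletion. The advisory
# only says Akira deletes backups; these are the usual Windows ways to do it.
BACKUP_DELETION_PATTERNS = [
    re.compile(p, re.IGNORECASE)
    for p in (
        r"vssadmin(\.exe)?\s+delete\s+shadows",
        r"wmic(\.exe)?\s+shadowcopy\s+delete",
        r"win32_shadowcopy.*remove-wmiobject",
        r"wbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)",
    )
]
AKIRA_EXT = ".akira"  # extension the advisory says is appended to encrypted files


def parse_events(text):
    """Parse the assumed pipe-delimited format into dicts, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, kind, detail = line.split("|", 3)
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "kind": kind, "detail": detail})
    return events


def find_backup_deletion(events):
    """Return (host, command) for process events matching a deletion pattern."""
    hits = []
    for ev in events:
        if ev["kind"] != "proc":
            continue
        if any(p.search(ev["detail"]) for p in BACKUP_DELETION_PATTERNS):
            hits.append((ev["host"], ev["detail"]))
    return hits


def find_mass_akira_writes(events, threshold=5, window_seconds=60):
    """Return {host: n} for hosts where n >= threshold '.akira' files appeared
    within any sliding window of window_seconds. Threshold and window are
    assumed tuning values, not figures from the advisory."""
    per_host = defaultdict(list)
    for ev in events:
        if ev["kind"] == "file" and ev["detail"].lower().endswith(AKIRA_EXT):
            per_host[ev["host"]].append(ev["ts"])
    window = timedelta(seconds=window_seconds)
    alerts = {}
    for host, stamps in per_host.items():
        stamps.sort()
        start, best = 0, 0
        for end, t in enumerate(stamps):
            while t - stamps[start] > window:  # shrink the window from the left
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[host] = best
    return alerts


def detect(log_text, threshold=5, window_seconds=60):
    """Run both detections and return human-readable alert strings."""
    events = parse_events(log_text)
    alerts = [f"{host}: backup/shadow-copy deletion: {cmd}"
              for host, cmd in find_backup_deletion(events)]
    alerts += [f"{host}: {n} '{AKIRA_EXT}' files written within {window_seconds}s"
               for host, n in find_mass_akira_writes(events, threshold, window_seconds).items()]
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

On the constructed sample, the script raises two alerts for the shadow-copy deletion commands on fs01 and one for the burst of five .akira files on the same host; the benign `vssadmin list shadows` on ws22 and a file merely named akira.txt produce nothing. In production the same two checks would be expressed as EDR or SIEM rules over process-creation and file-creation telemetry; the deletion check is worth the higher priority because it fires before encryption begins.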

 

Systems Affected

  • Cisco Adaptive Security Appliance (ASA) software
  • Cisco Firepower Threat Defense (FTD) software

 

Platforms Affected

  • Microsoft Windows
  • Linux

 

Recommendations

  • Deploy anti-malware or endpoint detection software capable of detecting and blocking known ransomware variants, and alert on pre-encryption behaviour such as the deletion of backups and shadow copies.
  • Monitor network traffic for indicators of compromise, such as unusual traffic patterns, large outbound transfers (data theft precedes encryption) or communication with known command-and-control servers.
  • Conduct regular security audits and assessments to identify vulnerabilities in networks and systems and to confirm that all security controls are in place and working.
  • Educate employees about the risks of ransomware and train them in security best practices, including how to recognise and report suspicious emails and other threats.
  • Maintain a tested backup and recovery plan. Keep at least one copy of backups offline, or otherwise unreachable from the production network, since Akira deletes any backups it can access, and verify regularly that restores actually work.
  • Enforce strong passwords and MFA for all user accounts, and in particular for VPN and other remote-access services, since compromised credentials and VPN accounts without MFA are Akira's usual entry points.
  • Keep systems updated and patched, prioritising internet-facing devices such as VPN appliances, so that known vulnerabilities cannot be exploited.

 

References

https://therecord.media/akira-ransomware-early-victims-conti-links
https://www.sentinelone.com/anthology/akira/
https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-akira
https://www.fortinet.com/blog/threat-research/ransomware-roundup-akira