Heimdal

The National Cyber Security Centre Finland announced a surge in Akira ransomware attacks. Threat actors used Akira malware in six out of the seven ransomware attacks reported in December 2023.

The attackers targeted VPNs that lacked multi-factor authentication. They exploited CVE-2023-20269 on Cisco ASA or FTD devices and obtained initial access through brute-force attacks.

Once they gained access, according to BleepingComputer.com, the attackers attempted further operations:

  • Mapping the network
  • Stealing usernames and passwords
  • Encrypting files and VM disks, etc.

To increase pressure, the hackers not only encrypt the target's data, but also search for and delete backup copies.

Akira ransomware prevention measures

Security researchers disclosed the CVE-2023-20269 flaw in September 2023. Cisco released patches one month later, so system administrators could apply them.

The two specific prevention measures for this particular case are:

  • Updating Cisco devices to the latest versions

Additionally, to protect against ransomware attacks and data loss, apply the following best practices:

  • Establish a patch management process to keep all software on all connected devices updated
  • Use a DNS filtering solution to block both inbound and outbound malicious communication. This will prevent hackers from deploying malware on your devices and exfiltrating data.
  • Apply a strong password policy to prevent brute force attacks
  • Create backups and store at least one of them outside the network
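
Alongside these measures, brute-force attempts against a Cisco ASA VPN can be spotted in the device's own syslog. The following is an added example, not code from the article or from Cisco: it counts AAA rejection messages (IDs 113005 and 113015) per source IP in a sliding window. The timestamp layout, the thresholds and all sample lines are constructed assumptions, so check the pattern against your own device output.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# ASA AAA rejections: 113005 (AAA server) and 113015 (local database).
# Assumed line layout: "Mmm dd yyyy hh:mm:ss: %ASA-6-1130x5: ... user = X : user IP = Y"
REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{4} \d\d:\d\d:\d\d).*?%ASA-\d-(?:113005|113015): "
    r"AAA user authentication Rejected.*?user\s*=\s*(?P<user>[^:]*?)\s*:"
    r"\s*user IP\s*=\s*(?P<ip>[0-9a-fA-F.:]+)"
)

def find_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: {"failures": n, "users": set}} for the largest burst of
    rejected logins per source IP that reaches `threshold` within `window`."""
    events = defaultdict(list)
    for line in lines:
        m = REJECT.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
            events[m["ip"]].append((ts, m["user"]))
    alerts = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Shrink the window until it spans at most `window` of time.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            burst = evs[start:end + 1]
            best = alerts.get(ip, {}).get("failures", 0)
            if len(burst) >= threshold and len(burst) > best:
                alerts[ip] = {"failures": len(burst), "users": {u for _, u in burst}}
    return alerts

# Constructed sample log (documentation IP ranges, invented usernames).
SAMPLE = [
    f"Dec 12 2023 10:00:{s:02d}: %ASA-6-113015: AAA user authentication Rejected : "
    f"reason = Invalid password : local database : user = {u} : user IP = 203.0.113.50"
    for s, u in enumerate(["admin", "test", "vpn", "backup", "admin", "cisco"])
] + [
    "Dec 12 2023 10:02:10: %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = ***** : user IP = 198.51.100.7",
    "Dec 12 2023 10:03:00: %ASA-6-113004: AAA user authentication Successful : server = 10.0.0.5 : user = jsmith",
    "Dec 12 2023 11:30:00: %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = admin : user IP = 203.0.113.50",
]

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE).items():
        print(ip, info["failures"], sorted(info["users"]))
```

Many distinct usernames from one address in a short burst, as in the sample, suggests guessing rather than a single user mistyping a password.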

Akira ransomware attacks on the rise

According to RedPacket Security, since the beginning of 2024, Akira has announced infecting ten other companies with ransomware.

Reportedly, Becker Logistics, TGS Transportations, Blackburn College, Heller Industries, and Van Buren Public Schools are on the Akira ransomware victims list.

Source – RedPacket Security subreddit

If you suffered a ransomware attack, we advise you to report the incident to law enforcement officials in your country. Do not pay the ransom. That would only encourage the attackers to perpetuate their Ransomware-as-a-Service business model.

Author Profile

Livia Gyongyoși

Communications and PR Officer
