The National Cyber Security Centre Finland announced a surge in Akira ransomware attacks. Threat actors used Akira malware in six out of the seven ransomware attacks reported in December 2023.
The attackers used VPNs that lacked multi-factor authentication. They exploited CVE-2023-20269 on Cisco ASA or FTD devices and obtained initial access through brute force attack.
Once they gained access, according to BleepingComputer.com, the attackers attempted further operations:
- Mapping the network
- Stealing usernames and passwords
- Encrypting files and VM disks, etc.
To increase pressure, hackers not only encrypt the target`s data, but also search and delete backup copies.
Akira ransomware prevention measures
Security researchers disclosed the CVE-2023-20269 flaw in September 2023. Cisco released patches one month later, so System Admins could apply them.
The two specific prevention measures for this particular case are:
- Updating Cisco devices to latest versions
- Enabling multi-factor authentication
Additionally, to protect against ransomware attacks and data loss, apply the following best practices:
- Use end-to-end encryption for sensitive data
- Establish a patch management process to keep all software on all connected devices updated
- Use a DNS filtering solution to block both inbound and outbound malicious communication. This will prevent hackers to deploy malware on your devices and exfiltrate data.
- Apply a strong password policy to prevent brute force attacks
- Educate employees on recognizing phishing emails.
- Create backups and store at least one of them outside the network
Akira ransomware attacks on the rise
According to RedPacket Security, since the beginning of 2024, Akira announced infecting with ransomware ten other companies.
Reportedly, Becker Logistics, TGS Transportations, Blackburn College, Heller Industries, and Van Buren Public Schools are on the Akira ransomware victims list.
Source – RedPacket Security subreddit
If you suffered a ransomware attack, we advise you to report the incident to law enforcement officials in your country. Do not pay the ransom. That would only encourage the attackers to perpetuate their Ransomware-as-a-Service business model.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.
Heimdal™ Ransomware Encryption Protection
- Blocks any unauthorized encryption attempts;
- Detects ransomware regardless of signature;
- Universal compatibility with any cybersecurity solution;
- Full audit trail with stunning graphics;