Ransomware is one of the biggest threats facing businesses. This was also confirmed by the BSI (Germany's Federal Office for Information Security) in its 2022 report on the state of IT security in Germany.
One of the most famous and notorious ransomware groups was Conti. This criminal organization formed the basis for other threat actors that split off from it. One of these is the Akira ransomware group.
What is Akira?
Akira is a relatively new, fast-growing ransomware group, first observed in March 2023, that operates under the ransomware-as-a-service (RaaS) model. RaaS packages ransomware tooling and supporting services so that even relatively inexperienced cybercriminals can achieve “good” results. Like other well-known RaaS groups, Akira penetrates corporate IT systems, exfiltrates data and encrypts applications to extort a ransom.
If the requested ransom is not paid, the victim's name and details are published on Akira's leak site. According to the site, the criminal organization has compromised at least 63 organizations since its inception, with approximately 80 percent of the victims being small and medium-sized enterprises (SMEs). All of this is suspiciously reminiscent of the notorious Conti ransomware group. For example, Akira skips the same file types and directories during encryption as the Conti ransomware and has similar features. In addition, the “new” star in the cybercrime sky also uses the ChaCha algorithm to encrypt files.
Blockchain analytics uncover cash flows
“By tracking transactions discovered during blockchain analysis, we can associate individual groups with higher confidence based on transactions to and from known threat actor-controlled cryptocurrency addresses,” said Daniel Thanos, Head of Arctic Wolf Labs. “Tracking ransom payments to Akira enabled Arctic Wolf Labs to identify transactions to Conti-associated addresses. The same analytical methodology allowed our team to identify links between the Karakurt ransomware group, Diavol and the Conti ransomware group in 2022.”
Thanos also explains: “We estimate that Akira is likely an opportunistic ransomware group given its victimology and negotiation tactics. In nearly all cases Arctic Wolf investigated, threat actors indicated that they needed time to review the exfiltrated data and issue a ransom demand.”
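The attribution method described in the quotes above, following ransom payments through the transaction graph until they reach addresses already attributed to a threat actor, can be illustrated with a small tracer. The following is an added example written for this article; it is not Arctic Wolf's tooling or methodology code. The ledger, the labelled addresses, the hub list and the confidence thresholds are all constructed placeholders, not real blockchain data.

```python
from collections import defaultdict

# Constructed ledger for the example: (tx_id, from_addr, to_addr, amount_btc).
# None of these identifiers are real addresses or transactions.
TRANSACTIONS = [
    ("tx01", "victim_wallet",       "akira_ransom_addr",   12.0),
    ("tx02", "akira_ransom_addr",   "mixer_hop_1",         11.9),
    ("tx03", "mixer_hop_1",         "conti_known_addr_A",   6.0),
    ("tx04", "mixer_hop_1",         "exchange_hot_wallet",  5.9),
    ("tx05", "akira_ransom_addr",   "conti_known_addr_B",   0.1),
    ("tx06", "exchange_hot_wallet", "retail_customer",      1.0),
    ("tx07", "exchange_hot_wallet", "other_group_addr",     0.5),
]

# Constructed label set: addresses an analyst has previously attributed.
KNOWN_ADDRESSES = {
    "conti_known_addr_A": "Conti",
    "conti_known_addr_B": "Conti",
    "other_group_addr": "OtherGroup",
}

# Custodial hubs (exchanges, large services) pool funds from many unrelated
# users; a path that passes through one says little about who controls the
# far side, so the tracer can be told not to walk through them.
HUB_ADDRESSES = frozenset({"exchange_hot_wallet"})


def build_graph(transactions):
    """Adjacency list of outgoing transfers: addr -> [(to_addr, amount, tx_id)]."""
    graph = defaultdict(list)
    for tx_id, src, dst, amount in transactions:
        graph[src].append((dst, amount, tx_id))
    return graph


def trace_flows(graph, start, known, max_hops=4, stop_at=frozenset()):
    """Enumerate simple paths from `start` that end at a known address within
    `max_hops` transfers. Returns a list of (label, path, hops, amount), where
    amount is the size of the final transfer into the known address.
    Traversal stops at the first known address on a branch and never walks
    through an address in `stop_at`."""
    hits = []

    def walk(addr, path):
        if len(path) - 1 >= max_hops:
            return
        for dst, amount, _tx_id in graph.get(addr, []):
            if dst in path:            # skip cycles
                continue
            new_path = path + [dst]
            if dst in known:
                hits.append((known[dst], new_path, len(new_path) - 1, amount))
                continue
            if dst in stop_at:         # do not follow funds through hubs
                continue
            walk(dst, new_path)

    walk(start, [start])
    return hits


def attribute(hits):
    """Summarise hits per label: distinct paths, shortest hop distance, and the
    total amount that reached labelled addresses. The confidence grading is a
    constructed heuristic for the example, not an established scoring model."""
    summary = {}
    for label, _path, hops, amount in hits:
        entry = summary.setdefault(label, {"paths": 0, "min_hops": hops, "amount": 0.0})
        entry["paths"] += 1
        entry["min_hops"] = min(entry["min_hops"], hops)
        entry["amount"] += amount
    for entry in summary.values():
        if entry["min_hops"] <= 2 and entry["paths"] >= 2:
            entry["confidence"] = "high"
        elif entry["min_hops"] <= 3:
            entry["confidence"] = "medium"
        else:
            entry["confidence"] = "low"
    return summary


if __name__ == "__main__":
    graph = build_graph(TRANSACTIONS)
    print("all paths:", attribute(trace_flows(graph, "akira_ransom_addr", KNOWN_ADDRESSES)))
    print("hubs excluded:", attribute(trace_flows(graph, "akira_ransom_addr",
                                                 KNOWN_ADDRESSES, stop_at=HUB_ADDRESSES)))
```

The second run shows why the hub list matters: the only path to the OtherGroup address runs through the exchange wallet, and once the tracer refuses to walk through that hub, the weak link disappears while the direct and one-hop links to the Conti-labelled addresses remain.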
Defense and protection
But how can companies best protect themselves against attacks by the Akira ransomware group, whether or not it is in league with Conti? First of all, in the event of a ransomware attack, it is important to act prudently and to inform the relevant authorities immediately. The situation must then be analyzed and the necessary countermeasures initiated. If adequate internal resources are lacking in such an exceptional situation, companies can rely on the professional help of external security service providers such as Arctic Wolf, who have the skill set, the manpower and the appropriate tools to react appropriately and minimize the damage as far as possible.
Although Conti disbanded due to increasing pressure, internal conflicts and the release of its source code, in 2023 many former Conti members continue to wreak havoc on businesses through their activities with other RaaS groups, including Akira. Akira continues to evolve and grow as a ransomware group by changing its tactics to evade detection. Proven security processes, such as enabling MFA on VPN appliances, can significantly reduce the likelihood of a successful Akira compromise, as can regular system patches and updates as part of a comprehensive cybersecurity strategy.
More at ArcticWolf.com
About Arctic Wolf
Arctic Wolf is a global leader in security operations, providing the first cloud-native security operations platform to mitigate cyber risk. Based on threat telemetry spanning endpoint, network and cloud sources, the Arctic Wolf® Security Operations Cloud analyzes more than 1.6 trillion security events per week worldwide. It provides business-critical insights into almost all security use cases and optimizes customers' heterogeneous security solutions. The Arctic Wolf platform is used by more than 2,000 customers worldwide. It provides automated threat detection and response, enabling organizations of all sizes to set up world-class security operations at the push of a button.