Cyber danger Akira ransomware


Ransomware is one of the biggest threats facing businesses. This was also confirmed by the BSI in its report on the situation of IT security in Germany in 2022.

One of the most famous and notorious ransomware groups was Conti. This criminal organization formed the basis for other threat actors that split off from the ransomware group. One of these groups is Akira ransomware.

What is Akira?

Akira is a relatively new, fast-growing ransomware group, first observed in March 2023, that uses the ransomware-as-a-service (RaaS) model. RaaS refers to ransomware-related services and tools that even relatively inexperienced cybercriminals can use to achieve “good” results. Similar to other well-known RaaS groups, Akira penetrates corporate IT systems, exfiltrates data and encrypts applications for ransom.

If the requested ransom is not paid, the victim's name and details will be published on Akira's leak page. According to the site, the criminal organization has compromised at least 63 organizations since its inception, with approximately 80 percent of victim companies being small and medium-sized enterprises (SMEs). All of this is suspiciously reminiscent of the notorious Conti ransomware group. For example, Akira ignores the same file types and directories as the Conti ransomware and has similar features. In addition, the "new" star in the cybercrime sky also uses the ChaCha algorithm to encrypt files.

Blockchain analytics discover cash flows

“By tracking transactions discovered during blockchain analysis, we can associate individual groups with higher confidence based on transactions to and from known threat actor-controlled cryptocurrency addresses,” said Daniel Thanos, Head of Arctic Wolf Labs. “Tracking ransom payments to Akira enabled Arctic Wolf Labs to identify transactions to Conti-associated addresses.

“The same analytical methodology allowed our team to identify links between the Karakurt ransomware group, Diavol and the Conti ransomware group in 2022.” Thanos also explains, “We estimate that Akira is likely an opportunistic ransomware group given its victimology and negotiation tactics. In nearly all cases Arctic Wolf investigated, threat actors indicated that they needed time to review the exfiltrated data and issue a ransom demand.”

Defense and protection

But how can companies best protect themselves against the attacks of the Akira ransomware group, be it in league with Conti or not? First of all, in the event of a ransomware attack, it is important to act prudently and to inform the relevant authorities immediately. Furthermore, the situation must be analyzed and then the necessary countermeasures must be initiated. If adequate internal resources are lacking in such an exceptional situation, companies can rely on the professional help of external security service providers such as Arctic Wolf, who have the skillset, the manpower and the appropriate tools to react appropriately and minimize the damage as much as possible.

In 2023, although Conti disbanded due to increasing pressure, internal conflicts and source code release, many of the Conti members continue to wreak havoc on businesses through their activities with other RaaS groups, including Akira. Akira continues to evolve and grow as a ransomware group by changing its tactics to evade detection. Proven security processes, such as enabling MFA on VPN appliances, can significantly reduce the likelihood of a successful Akira compromise, as can regular system patches and updates as part of a comprehensive cybersecurity strategy.

More at ArcticWolf.com

 


About Arctic Wolf

Arctic Wolf is a global leader in security operations, providing the first cloud-native security operations platform to mitigate cyber risk. Based on threat telemetry spanning endpoint, network and cloud sources, the Arctic Wolf® Security Operations Cloud analyzes more than 1.6 trillion security events per week worldwide. It provides company-critical insights into almost all security use cases and optimizes customers' heterogeneous security solutions. The Arctic Wolf platform is used by more than 2,000 customers worldwide. It provides automated threat detection and response, enabling organizations of all sizes to set up world-class security operations at the push of a button.


 
