Akira Ransomware Has Impacted Over 250 Organizations

Apr 26, 2024

Akira ransomware continues to threaten businesses across North America, Europe, and Australia. Now targeting both Windows and Linux systems, it has impacted over 250 organizations and led to around $42 million USD in stolen money. Akira, along with other types of ransomware, continues to be a challenge for unprepared businesses.

What Is Akira Ransomware?

Akira ransomware is a significant cyber threat that first appeared in March 2023, affecting organizations across North America, Europe, and Australia. Initially targeting Windows systems, it extended its reach to Linux systems, specifically focusing on virtual server environments. Akira combines multiple encryption methods, making it challenging to unlock files without the key.

The group behind Akira ransomware uses a double extortion tactic: encrypting the victim’s data, stealing it, and threatening to publish it unless a ransom is paid. This is enhanced by their practice of exploiting known vulnerabilities, particularly in Cisco products and VPN services without multi-factor authentication (MFA).

Signs that Akira ransomware may be present include the use of various tools to gather information, steal login credentials, and move silently through a network. These tools include network scanners and programs designed to steal passwords. Akira also employs advanced techniques to avoid detection and secretly remove data using common software like FileZilla and WinRAR.
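One way to watch for the sign described above, added here as an example that is not from the original article: flag hosts where a file-transfer client starts shortly after an archive tool ran. The event layout, host names, users, the 30-minute window, and the path heuristic are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed process-creation events (host, time, image path, user); not real telemetry.
SAMPLE_EVENTS = [
    ("FS01", "2024-04-20T02:11:05", r"C:\Program Files\WinRAR\WinRAR.exe", "svc_backup"),
    ("FS01", "2024-04-20T02:19:40", r"C:\Users\Public\filezilla.exe", "svc_backup"),
    ("WS17", "2024-04-20T09:02:00", r"C:\Program Files\WinRAR\WinRAR.exe", "jdoe"),
    ("WS22", "2024-04-20T10:00:00", r"C:\Program Files\FileZilla FTP Client\filezilla.exe", "asmith"),
    ("FS02", "2024-04-21T03:00:00", r"C:\Temp\rar.exe", "admin2"),
    ("FS02", "2024-04-21T05:30:00", r"C:\Temp\filezilla.exe", "admin2"),
]

ARCHIVERS = {"winrar.exe", "rar.exe"}   # archive tools
TRANSFER_CLIENTS = {"filezilla.exe"}    # file-transfer client named in the article

def image_name(path):
    """Lower-cased executable name from a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_archive_then_transfer(events, window=timedelta(minutes=30)):
    """Alert when a transfer client starts on a host within `window` of an archiver."""
    last_archive = {}  # host -> (start time, image path) of most recent archiver
    alerts = []
    for host, ts, image, user in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        name = image_name(image)
        if name in ARCHIVERS:
            last_archive[host] = (when, image)
        elif name in TRANSFER_CLIENTS and host in last_archive:
            arch_time, arch_image = last_archive[host]
            gap = when - arch_time
            if gap <= window:
                alerts.append({
                    "host": host, "user": user,
                    "archiver": arch_image, "transfer": image,
                    "gap_seconds": int(gap.total_seconds()),
                    # Assumed heuristic: tools outside Program Files deserve a closer look.
                    "unusual_path": "\\program files" not in image.lower(),
                })
    return alerts

if __name__ == "__main__":
    for alert in find_archive_then_transfer(SAMPLE_EVENTS):
        print(alert)
```

Either tool alone is ordinary on many workstations; the pairing on a server, especially outside business hours, is what makes the event worth reviewing.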

How a Ransomware Attack Works

Each type of ransomware may combine different techniques to deploy its attack. However, they all use a similar underlying strategy to exploit their victims for money:

Step 1: Infiltration

The attacker finds a way into the network. That is often through phishing emails, exploiting security vulnerabilities, or tricking someone into downloading malicious software.

Step 2: Installation

Once inside, the ransomware is installed on the victim’s computer or network. It often stays hidden, preparing to launch a future attack without immediate detection.

Step 3: Encryption

The ransomware activates and locks the files on the computer or network. The encryption makes the files inaccessible without a unique key that only the attacker controls.

Step 4: Demand

After encryption, a message is displayed demanding payment in exchange for the key needed to unlock the files. There’s often a deadline before the files are permanently locked.

Step 5: Payment

The victim must decide whether to pay the ransom to obtain the decryption key or permanently lose access to the encrypted files.

Step 6: Decryption (Non-Guaranteed)

If the ransom is paid, the attackers may provide a decryption key to unlock the files, though this is never guaranteed.

Ransom Deadlines Put Extra Pressure on Organizations

Ransom deadlines can create intense pressure on organizations. This forces them to make quick decisions to prevent further damage, such as increased ransom demands, public exposure, or data deletion. Such deadlines can disrupt operations and push organizations towards paying the ransom to resolve the crisis quickly. Hospitals are especially vulnerable, as locked data can impact patient care.

Who Is Behind Akira Ransomware?

The group behind Akira ransomware hasn’t been publicly identified, and nobody has claimed responsibility. These details are often kept confidential. Typically, organized cybercrime groups, skilled in exploiting security weaknesses, are responsible for attacks like Akira. These groups target anyone they believe they can extort money from. While in some cases specific businesses are attacked, at other times the ransomware is spread widely at random.

How To Defend Your Business Against Akira Ransomware

Preparation is your best defense against Akira ransomware. It may be too late if you don’t have a strategy in place before an attack. To defend against Akira, the FBI and cybersecurity agencies recommend strong security practices. That includes:

  • Regular Backups: Keep regular backups of all critical data, and ensure these backups are stored offline or in a separate location. Regularly test the backups to ensure they can be restored.
  • Update and Patch Systems: Regularly update and patch devices, software, and applications to their latest versions. Outdated versions often have vulnerabilities.
  • Don’t Use Unsupported or End-Of-Life Devices: Any devices that no longer receive security patches or are near their end-of-life date should be retired. Unsupported systems often have vulnerabilities that can allow ransomware access.
  • Use Anti-Virus and Anti-Malware Solutions: Install and maintain reputable anti-virus and anti-malware software to detect and prevent malicious attacks. Ensure that it is always updated.
  • Employ Network Segmentation: Divide your network into segments, making it harder for ransomware to spread across the entire network.
  • Implement Access Controls: Set user access to the minimum necessary for their job roles. If one user’s device is infected, that can limit what data is stolen and ransomed.
  • Enable Multi-Factor Authentication (MFA): Require MFA for accessing sensitive systems and data. This will make it harder for ransomware attacks to start or spread across systems.
  • Regular Security Audits: Conduct regular security audits and penetration tests to uncover security vulnerabilities. Use the results to fix holes in protection.
  • Create an Incident Response Plan: Develop and maintain an incident response plan that includes procedures for responding to ransomware attacks. This should also include how to restore systems from backups and whom to contact for legal and forensic investigation.
  • Educate Employees: Conduct cybersecurity awareness training sessions to educate employees about the risks of ransomware, phishing, and safe internet practices. Encourage them to be cautious with email attachments and links from unknown sources.
  • Use Advanced Threat Protection (ATP): Implement advanced threat protection solutions that can identify and block ransomware and other threats before they infiltrate the network.

By implementing some of these strategies, organizations can significantly reduce their vulnerability to Akira ransomware and make it easier to recover should an attack occur.

Encryption Can Help Protect Stolen Data

While the best defense against Akira ransomware is to prevent the attack in the first place, no defense is perfect. And even if a business has backups to fully recover locked data, anything that’s already taken won’t be returned without paying a ransom. Methods like encryption can help protect data that’s stolen. If the attacker can’t access the decryption key, anything that’s taken would not be readable, usable, or sellable by them.

How ITonDemand Protects Clients From Ransomware

ITonDemand offers clients a wide range of IT services and treats every ransomware threat with care. Some of our available solutions include anti-virus software, maintaining data backups, MFA, edge protection, threat detection and response, and more. Additionally, we offer compliance services, ensuring that organizations are not only using best security practices for their industry but are also compliant with their cyber insurance policy.

Don’t Be Caught Unprepared

The businesses most harmed by Akira ransomware are those that are caught unprepared. Since ransomware is used to lock down critical files and systems, organizations are often forced to pay the ransom for the continuity of services. Even worse, when threats like Akira use double extortion, some may be pressured to pay the ransom even if they have a data backup. Combining an incident response plan with techniques like encryption

Does your business have a response plan for ransomware? If not, ITonDemand can protect you with our IT security services. For more details, get in touch through our contact form or call us at: +1 (800) 297-8293
