Bitcoin ransomware Akira costs more than 250 companies $42 million: FBI
The year-old ransomware group Akira has breached more than 250 organizations and generated nearly $42 million in ransomware revenue, the world's top cyber security agencies announced.
An investigation by the United States Federal Bureau of Investigation (FBI) found that the Akira ransomware has been targeting commercial and critical infrastructure facilities in North America, Europe, and Australia since March 2023. While the ransomware initially targeted Windows systems, the FBI recently discovered Akira Linux. Alternative as well.
The FBI, together with the Cyber Security and Infrastructure Security Agency (CISA), Europol's European Cyber Crime Center (EC3) and the Netherlands National Cyber Security Center (NCSC-NL) have issued a Cyber Security Advisory (CSA) to the public.
According to the advisory, Akira gains initial access through pre-installed virtual private networks (VPNs) that lack multi-factor authentication (MFA). The ransomware continues to extract credentials and other sensitive information before locking the system and displaying a ransom note.
“Akira threat actors do not leave initial ransom demands or payment instructions on compromised networks and do not transmit this information until the victim contacts them.”
The ransomware group demands Bitcoin (BTC) from victim organizations to restore access. Such malware often disables security software after initial access to avoid detection.
Some of the threat mitigation techniques recommended in the advisory are implementing a recovery plan and MFA, filtering network traffic, disabling unused ports and hyperlinks, and system-wide encryption.
“The FBI, CISA, EC3, and NCSC-NL recommend that you regularly test your security program in a production environment to ensure optimal performance against the MITER ATT&CK techniques described in this advisory,” the agencies concluded.
Related: Mysterious Malware Targets Duty Fraudsters, Stealing Bitcoin
The FBI, CISA, NCSC and the US National Security Agency (NSA) have previously issued alerts about malware being used to attack crypto wallets and exchanges.
Some of the data extracted by the malware included data from the Binance and Coinbase exchange apps directory and the Trust Wallet app, according to the report. According to the report, every file in the listed directories is being scanned regardless.
Magazine: Get Bitcoin or die tryin: Why hip hop stars love crypto
