Singapore warns businesses of Bitcoin ransomware threat
Akira, which stole $42 million from more than 250 organizations in North America, Europe and Australia, is now actively targeting businesses in Singapore.
Singaporean authorities have issued a joint advisory warning local businesses about the growing threat of Akira ransomware variants.
The alert comes after agencies including the Cyber Security Agency of Singapore (CSA), the Singapore Police Force (SPF) and the Personal Data Protection Commission (PDPC) recently received several complaints from victims of the cyber attack.
The main targets of Akira ransomware
Previous investigations by the United States Federal Bureau of Investigation (FBI) have revealed that Akira ransomware has been targeting businesses and critical infrastructure.
Singapore authorities have explained ways to detect, prevent and eliminate Akira attacks. Affected businesses are advised to avoid paying ransom to the attackers.
Avoid paying ransom
Akira members demand payments in cryptocurrencies such as Bitcoin (BTC) to regain control of their computers and internal data. However, Singaporean authorities have asked businesses not to make payments.
“If your organization's systems are compromised with ransomware, we do not recommend paying the ransom and we recommend that you report the incident to the authorities immediately. Paying the ransom does not guarantee that the data will be decrypted or that malicious actors will not publish your data.
Additionally, malicious entities may attempt another attack in hopes of obtaining additional ransom. The FBI confirmed that Akira would never contact victims and wait for them to reach out.
Some recommended threat mitigation techniques are implementing a recovery plan and multi-factor authentication (MFA), filtering network traffic, disabling unused ports and hyperlinks, and system-wide encryption.
Related: Ransomware Returns: Chainalysis Flags Record $1B Payments by 2023
Cybersecurity company Kaspersky recently confirmed that North Korean hackers are targeting South Korean crypto businesses using Durian malware.
“Durian boasts comprehensive background functionality that enables the execution of sent commands, additional file downloads and file scanning,” Kaspersky explains.
Additionally, Kaspersky said LazyLoad was used by Andariel, a sub-group within the same North Korean hacking syndicate Lazarus Group – suggesting a “troublesome” relationship between Kimsuki and the well-known hacking group.
Magazine: Longevity Expert: AI Will Help Us Become ‘Biologically Immortal' By 2030