The Akira ransomware initially targeted Windows systems but has since evolved to affect Linux systems, specifically targeting VMware ESXi virtual machines.
Thomas Ricardo - Cyber Analyst Reporter
April 19, 2024

https://www.cybernewscentre.com/plus-content/content/combating-akira-ransomware-strategies-and-insights


Global Alert - Understanding and Defending Against the Akira Ransomware Menace


Introduction

In a significant international collaboration, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), Europol’s European Cybercrime Centre (EC3), and the Netherlands’ National Cyber Security Centre (NCSC-NL) have released a joint Cybersecurity Advisory (CSA) on the 19th of April, 2024.

This advisory, titled #StopRansomware: Akira Ransomware, provides detailed information on the methods, tactics, and procedures of the Akira ransomware, which has been actively compromising global systems.

Overview of Akira Ransomware

The Akira ransomware initially targeted Windows systems but has since evolved to affect Linux systems, specifically targeting VMware ESXi virtual machines. The ransomware utilises two primary strains of code: Megazord, which is Rust-based, and Akira, developed using C++.

Since its emergence in August 2023, Akira ransomware has severely impacted a wide array of sectors, including critical infrastructure in North America, Europe, and Australia, accruing about $42 million in ransom payments.

Impact and Scope

The widespread impact of Akira ransomware underscores the substantial threat it poses to international businesses and infrastructure.

It not only encrypts files but also employs "double extortion" tactics, where attackers exfiltrate sensitive data and threaten to release it unless a ransom is paid. This can lead to severe operational disruptions, data loss, financial loss, and reputational damage.

Mitigation Strategies

CISA and its partners strongly urge entities, especially those in critical infrastructure sectors, to review and implement the recommended mitigation strategies to minimise the risk and impact of ransomware attacks.

The updated #StopRansomware Guide, available on CISA’s dedicated webpage, offers comprehensive guidance and resources.

Guidelines to Manage Ransomware

Ransomware is an escalating threat that requires vigilant security practices to defend against. Here are some critical guidelines recommended by CISA and the Australian Cyber Security Centre (ACSC) to help manage and counter ransomware threats:

1. Recognise the Signs

Be aware of the typical indications of a ransomware infection, such as unexpected pop-ups demanding a ransom, inability to access certain files, or discovering files with unusual extensions or in unexpected locations.

2. Implement Preventive Measures

Avoid clicking on suspicious links, opening attachments from unknown sources, or visiting untrusted websites, as these are common vectors for ransomware dissemination.

3. Establish Robust Backups

Regularly back up important data and ensure that backups are not connected to your primary network. This helps in restoring critical data without yielding to ransom demands.

4. Never Pay the Ransom

Paying the ransom does not guarantee the recovery of your data and may expose you to further attacks. It also encourages the perpetuation of these malicious activities.

5. Seek Professional Help

In the event of a ransomware attack, contact relevant authorities or cyber security professionals immediately. For instance, organisations in Australia can call the ACSC Hotline at 1300 CYBER1 (1300 292 371) for 24/7 assistance.

The escalating threat of ransomware like Akira requires a coordinated and comprehensive approach to cybersecurity. By staying informed about the latest threats and adhering to established cybersecurity practices, organisations can better protect themselves from significant financial and operational harm.

At A Glance 

  • Global Alert on Akira Ransomware: A new advisory details evolving threats from Akira, now targeting multiple systems including Linux and VMware.
  • Significant Impact: Akira has extracted about $42 million from businesses in key global regions, utilising double extortion.
  • Urgent Mitigation Called: Entities are urged to follow the joint CSA's recommendations to minimise ransomware risks.
  • Preventive Guidelines: Key steps include recognising ransomware signs, ensuring secure data backups, and never paying ransoms.
