Europol, CISA and FBI issue warning on Akira ransomware gang
On April 18, 2024, the FBI, Europol’s European Cybercrime Center (EC3), CISA and the NCSC-NL (respectively US and Dutch cybersecurity agencies) published a joint cybersecurity advisory (CSA), which covers the Akira ransomware gang. The document lists the group’s malware programs, “tactics, techniques and procedures” and indicators of compromise, past and present.
A fan of double extortion, Akira “hit a wide range of critical companies and infrastructure in North America, Europe and Australia,” reads the CSA. As of January 1, 2024, the group is thought to have attacked over 250 organizations and claimed 42 million dollars (39.3 million euros) in ransoms collected.
At the end of 2023, Akira is believed to have become the world leader in ransomware. The group is expected to strengthen its position in 2024, given law enforcement’s crackdown on LockBit and the self-termination of ALPHV/BlackCat. The gang is rumored to be responsible for 21% of ransomware attacks around the world over the first quarter of 2024.
Originally, Akira exclusively targeted Windows-run devices, but in April 2023 it rolled out a variant of its ransomware for Linux. Akira’s line of ransomware programs is coded in C++, but in August 2023 the gang developed Megazord, a Rust-coded ransomware program.
“The FBI, CISA, EC3 and NCSC-NL encourage organizations to implement recommendations from the ‘mitigation’ section of the CSA, in order to reduce the likelihood and impact of these ransomware incidents,” conclude the four agencies.