Akira: A new ransomware gang wreaks havoc
Akira: A new ransomware gang wreaks havoc

News -

Akira: A new ransomware gang wreaks havoc

  • Emerging in March this year, Akira quickly joined the most active ransomware groups as number four.
  • Logpoint has analyzed the Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise IoCs enabling protection.

COPENHAGEN, Denmark, September 21, 2023 – The Akira ransomware group has emerged as a tenacious adversary and grabbed widespread notice quickly. The group appeared in March 2023 and became the 4th most active group in August, demanding millions of dollars in ransom from victims. The group primarily targets organizations in the UK and US within various industries, including education, finance, real estate, manufacturing, and consulting.

“Akira has shown itself as incredibly active and quickly built an extensive victims list. With every campaign, the gang evolves with new features and capabilities,” says Swachchhanda Shrawan Poudel, Logpoint Security Research Engineer. “Since its emergence in March this year, it already has a trail of victims, and there’s no suggestion that the activity level is decreasing. It’s quite the contrary, as the number of victims increases each month.”

Akira ransomware is sophisticated malicious software designed to encrypt files on a victim’s system, delete shadow copies, and provide instructions for ransom payment and data recovery. It employs encryption algorithms, exclusion criteria, and a TOR-based communication system to perform malicious operations.

Logpoint’s research has uncovered the Akira infection chain through malware analysis. Akira actively targets Cisco ASA VPNs without multifactor authentication to exploit CVE-2023-20269 as an entry point for their ransomware. The gang employs several different malware samples in their campaigns, which initiates a series of steps when executed to encrypt victim files, including shadow copy deletion, file and directory search, and enumeration and encryption process.

“The rise of Akira serves as a reminder to get the basic cyber hygiene in order,” says Swachchhanda Shrawan Poudel. “In this particular case, implementing multifactor authentication can make the difference between a devastating cyberattack and an insignificant breach attempt. Organizations must monitor risks and build adequate defenses, such as keeping software and systems updated, auditing privileged accounts, and employing network segmentation.”

Logpoint’s security operations platform, Converged SIEM, contains extensive tools and capabilities for identifying, evaluating, and mitigating the impact of Akira Ransomware. With features like native endpoint solution AgentX and SOAR with pre-configured playbooks, it enables security teams to automate essential incident response procedures, gather vital logs and data, and expedite malware detection and removal operations.

Read Logpoint’s full report about Akira here and get a deep dive into the infection chain, technical analysis of malware samples, and recommendations to safeguard against the threat.

Related links

Topics

Categories

Contacts

Maimouna Corr Fonsbøl

Maimouna Corr Fonsbøl

Press contact Head of PR PR & Communications +45 25 66 82 98

Related media Download images for media use

Swachchhanda Shrawan Poudel
  • Swachchhanda Shrawan Poudel
  • License: Media Use
    The content may be downloaded by journalists, bloggers, columnists, creators of public opinion, etc. It can be used and shared in different media channels to convey, narrate, and comment on your press releases, posts, or information, provided that the content is unmodified. The author or creator shall be attributed to the extent and in the manner required by good practice (this means, for example, that photographers should be attributed).
  • File format: .jpg
  • Size: 1569 x 1188, 4.33 MB
Download

Related content

Logpoint releases enhanced automation, investigation, and incident response capabilities

Logpoint releases enhanced automation, investigation, and incident response capabilities

Logpoint releases various updates to its Converged SIEM platform to help SOC teams operate with practical SOC-centered functions and improved end-to-end functionality. The new release enables organizations to increase automation, investigation, and the ability to react to security events.

8base is among the top 5 ransomware groups this summer

8base ransomware group significantly boosts activity level

8base is among the top 5 ransomware groups this summer, and Logpoint has uncovered the Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise IoCs to look out for.

Warning about Russian threat actor Gamaredon

Warning about Russian threat actor Gamaredon: How to stay protected ahead of invasion anniversary cyber threat

Logpoint has conducted research into the hacktivist group Gamaredon, which according to Ukrainian CERT, is actively renewing attack efforts shifting focus from destruction to espionage and information stealing.

Royal ransomware investigation: How to brace for the sharp increase

Royal ransomware investigation: How to brace for the sharp increase

Logpoint research reveals what organizations should monitor for to safeguard against the rapid increase in royal ransomware attacks. The Royal ransomware group has leaked data of more than 60 victims since November 2022.

The infamous state-sponsored Advanced Persistent Threat (APT) linked to Russia remains active, posing a severe threat to organizations

Cozy Bear: Unmasking the decades-long espionage arsenal

The infamous state-sponsored Advanced Persistent Threat (APT) linked to Russia remains active, posing a severe threat to organizations. Logpoint has analyzed the Tactics, Techniques, and Procedures (TTPs), helping organizations detect the threat actor.

Logpoint has collated a report highlighting the TTPs and IoCs applied by Cactus to create alert rules to detect methods the group uses

Cactus: Defending against a ransomware newcomer

Cactus emerged in March this year and has since built an extensive portfolio of high-profile victims. Logpoint has analyzed Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IoCs) to establish defenses.
COPENHAGEN, Denmark, November 27, 2023 – Cactus has emerged as a sophisticated ransomware group with a severe impact on its victims. The newcomer first appeared in March