April 19th — A recent joint advisory from the FBI, CISA, Europol’s European Cybercrime Center (EC3) and the Netherlands’ National Cyber Security Centre (NCSC-NL) highlights the extensive impact of the Akira ransomware operation on organizations worldwide.

Since its emergence in March of 2023, Akira has breached the networks of over 250 organizations, amassing approximately $42 million in ransom payments.

Akira’s operations

Akira gained notoriety by targeting victims across divergent industry verticals. By June of 2023, the group had developed a Linux encryptor to target certain virtual machines that are commonly used in enterprises.

Akira and ransom demands

Demanding ransoms ranging from $200,000 to millions of dollars, Akira operators have hit business and critical infrastructure entities in North America, Europe and Australia.

In addition to launching malware and collecting remuneration, the group has also added over 230 organizations to its dark web leak website.

Actionable steps

The advisory includes indicators of compromise (IOCs) and tactics, techniques and procedures (TTPs) identified by authorities as recently as February 2024.

Network defenders are advised to prioritize the patching of vulnerabilities, to enforce multi-factor authentication (MFA) with strong passwords, to update software regularly and to conduct vulnerability assessments.

Authorities strongly encourage organizations to implement recommended mitigations to reduce the likelihood and impact of ransomware incidents.

For more on this story, click here. To receive cutting-edge cyber insights, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.