The Akira ransomware group, which emerged in March 2023, is under investigation by the FBI as one of the top five ransomware variants. Its tactics involve double extortion: the group steals sensitive data and then encrypts systems to increase pressure on victims. With a reported $244 million in ransom proceeds, Akira primarily targets small to medium-sized businesses across various sectors, including manufacturing and healthcare. A joint advisory from U.S. agencies and Europol details several vulnerabilities exploited by Akira, particularly those affecting widely used software and hardware.
Recent attacks attributed to Akira have exploited CVE-2024-40766, leading to a spike in incidents among approximately 40 victims. Authorities highlight the group’s quick operational tempo, often exfiltrating data within just two hours of initial access. Akira’s methods include credential theft, brute-force attacks, and using remote access tools to maintain persistence. The ongoing evolution of their tactics necessitates improved defenses against such sophisticated cyber threats, as emphasized by CISA and FBI officials, who note the high remediation costs associated with these attacks.
👉 Read the original: CyberScoop