The IT Nerd

Akira is rapidly rising as one of the fastest-growing ransomware groups due to its utilization of double extortion strategies, a ransomware-as-a-service (RaaS) distribution approach and distinctive payment methods. According to Trend Micro, Akira’s ties can be traced back to the now-defunct Conti ransomware family.

Canada is the top 3rd country affected by successful RaaS and extortion attacks in the first and second quarters of 2023, just behind U.S. and the U.K. As ransomware actors continue to advance their tactics, creating more sophisticated strains and causing financial and reputational damage to businesses, organizations must enhance their cybersecurity defenses to effectively combat these evolving threats.

Recent Akira activities:

• June 2023: a mere three months following the initial discovery of Akira, the ransomware group encompasses Linux systems within its list of targeted systems.
• August 2023: Akira focuses on Cisco VPN accounts lacking multifactor authentication (MFA)
• September 2023:  An analysis of Akira variant Megazord is released.
  • This variant encrypts files with the “POWERRANGES” file extension and shares a ransom note, titled “powerranges.txt,” directing victims to get in touch with the ransomware actor through the TOX messenger.
• September 6^th 2023: Akira ransomware operators take advantage of CVE-2023-20269, a previously undisclosed security flaw, in two of their product offerings, specifically targeting the remote access VPN feature within the Cisco Adaptive Security Appliance (ASA) software and Cisco Firepower Threat Defense (FTD) software.

Trend Micro has a report on Akira that you can read to gain further insight.

This entry was posted on October 10, 2023 at 11:27 am and is filed under Commentary with tags Trend Micro. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.