The Akira ransomware gang secured a whopping $42 million from over 250 enterprises in the previous year. This information was released on April 18 as part of a combined advisory by the United States and four key European cybersecurity agencies.
The advisory shed light on Akira’s new spectrum of attacks on Linux systems in addition to Windows. It was put forth by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the European Cybercrime Centre under Europol, and the Netherlands-based National Cyber Security Centre.
Fighter against these cyber attacks, CISA expressed the main aim of the advisory: to help enterprises counteract these threats by sharing known tactics, procedures, and techniques of the Akira ransomware, along with markers of compromise identified in FBI probes as recent as February 2024.
Since its inaugural focus on Windows systems, the group has evolved and now targets VMware ESXi virtual machines through a Linux variant. Back in August 2023, the double-extortion group began deploying the Megazord, written in Rust, and Akira, written in C++, along with Akira_v2, also based on Rust.
On Jan. 22, SC Media reported that the Akira ransomware group has proven to be a significant threat to small- and medium-sized businesses — especially SMBs in Europe, North America and Australia. The group has notably attacked the government sector.
Targeting Linux systems for ransomware attacks has become popular because Linux has become the operating system of choice for many server functions and now that it’s ubiquitous, attackers can maximize their chances of getting paid a ransom, explained Jason Soroko, senior vice president of product at Sectigo.
“Credential harvesting seems to be playing a key role for the attackers — therefore, system administrators need to focus their attention on this type of social engineering attack,” said Soroko.
Patrick Tiquet, vice president of security and architecture at Keeper Security, said that ransomware attacks historically targeted Windows systems because of their widespread use in corporate networks. However, Tiquet added that organizations have increasingly been adopting Linux infrastructure — particularly in critical sectors like finance, healthcare and government — and we’re seeing threat actors adapt their tactics to capitalize on this trend.
“Linux servers often host critical applications and data, making them attractive targets for extortion,” said Tiquet. “Additionally, the open-source nature of Linux lets threat actors analyze and exploit vulnerabilities more easily, potentially leading to larger-scale attacks with greater impact. It’s critical for organizations to implement robust cybersecurity measures, including timely patching, network segmentation and comprehensive backup strategies, to mitigate the risk posed by ransomware threats like Akira.”
Laura French April 19, 2024
Hackers claim to have obtained the records by breaching a third party with access to the database.
George V. Hulme April 19, 2024
Despite a temporary halt in the rise of ransomware, organizations are neglecting the necessary measures to protect themselves from a predicted surge in attacks.
Written by: SC Staff on April 19, 2024
French healthcare provider, Hospital Simone Veil, underwent a significant disruption in its operations due to a cyber attack. Previously this week, it had come to light that all of its computers were disrupted, as reported by BleepingComputer.
ChicagoVPS is your gateway to unparalleled hosting solutions. Our state-of-the-art datacenters and powerful network ensures lightning-fast speeds and uninterrupted connectivity for your websites and applications. Whether you’re a startup looking for scalable resources or an enterprise in need of enterprise-grade hosting, our range of plans and customizable solutions guarantee a perfect fit. Trust in ChicagoVPS to deliver excellence, combining unmatched reliability and top-tier support.
For Inquiries or to receive a personalized quote, please reach out to us through our contact form here or email us at sales@chicagovps.net.
