FBI: Akira Ransomware Nets Ransoms Worth $42 Million USD

According to a joint statement by the FBI, CISA, the European Cybercrime Center (EC3) at Europol, and the National Cyber Security Center of the Netherlands (NCSC-NL), the Akira ransomware has breached networks of over 250 organizations since the beginning of 2023, collecting approximately $42 million in ransoms.

The Akira ransomware operation emerged in March 2023 and quickly gained notoriety, targeting victims across various industries worldwide. By June 2023, the malware developers had created a Linux encryptor for VMware ESXi virtual machines, which are widely used in corporate environments.

Experts report that on average, Akira operators demand ransoms ranging from $200,000 to several million dollars from affected organizations, depending on the size of the breached entity.

As of January 1, 2024, law enforcement officials state that the group attacked 250 organizations in North America, Europe, and Australia, demanding around 42 million US dollars in ransom payments from the victims.

For example, in December 2023, Akira representatives claimed an attack on the systems of Nissan in Australia and New Zealand, and the company later confirmed a breach of the data of 100,000 individuals. Recently, Akira operators also breached Stanford University, which last month warned of a data leak affecting the personal information of 27,000 individuals.

Since its appearance in 2023, the group has claimed attacks on more than 230 organizations on their darknet website.

Law enforcement attached Akira indicators of compromise (IOCs) to their report, along with information on the tactics and methods used by the group, identified during FBI investigations starting from February 2024.

It is reported that for initial access to target networks, the operators target VPN services lacking multi-factor authentication, mainly exploiting known vulnerabilities in Cisco products (such as CVE-2020-3259 and CVE-2023-20269). Additionally, the attackers often use Remote Desktop Protocol (RDP), targeted phishing, and legitimate credentials to access victim environments.

To escalate privileges, the attackers employ credential-dumping tools such as Mimikatz and LaZagne, and Windows RDP is the primary means of lateral movement within the victim’s network. Data exfiltration is carried out using FileZilla, WinRAR, WinSCP, and RClone.
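The tool names and RDP usage in the two paragraphs above translate directly into detection logic. The following is an added example, not code from the advisory: it triages constructed Windows-style events in key=value form (the field names and sample values are assumptions) for the credential-dumping tools, RDP (LogonType 10) logons, and exfiltration utilities named on this page, and reports which users exhibit the full sequence in order.

```python
import re
from collections import defaultdict

# Tooling named in the advisory paragraphs above, grouped by phase.
CREDENTIAL_TOOLS = {"mimikatz.exe", "lazagne.exe"}
EXFIL_TOOLS = {"filezilla.exe", "winrar.exe", "rar.exe", "winscp.exe", "rclone.exe"}
RDP_LOGON_TYPE = "10"  # Windows event 4624 LogonType 10 = RemoteInteractive (RDP)
FULL_CHAIN = ["credential_access", "rdp_lateral_movement", "exfil_tooling"]

# Constructed sample events (not real telemetry); field layout is an assumption.
SAMPLE_LOGS = [
    'ts=2024-03-01T02:11:05Z host=WS-07 event=4688 user=CORP\\jdoe image="C:\\Users\\Public\\LaZagne.exe"',
    'ts=2024-03-01T02:14:40Z host=SRV-FS1 event=4624 user=CORP\\jdoe logon_type=10 src_ip=10.20.30.45',
    'ts=2024-03-01T02:20:13Z host=SRV-FS1 event=4688 user=CORP\\jdoe image="C:\\Tools\\rclone.exe"',
    'ts=2024-03-01T08:00:00Z host=WS-12 event=4688 user=CORP\\asmith image="C:\\Windows\\System32\\notepad.exe"',
    'ts=2024-03-01T08:05:00Z host=WS-12 event=4624 user=CORP\\asmith logon_type=2 src_ip=-',
]

def parse(line):
    """Split a key=value line into a dict; quoted values may contain spaces."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def classify(ev):
    """Map one event to an Akira-relevant phase, or None if nothing matches."""
    if ev.get("event") == "4624" and ev.get("logon_type") == RDP_LOGON_TYPE:
        return "rdp_lateral_movement"
    if ev.get("event") == "4688":
        exe = ev.get("image", "").rsplit("\\", 1)[-1].lower()  # basename only
        if exe in CREDENTIAL_TOOLS:
            return "credential_access"
        if exe in EXFIL_TOOLS:
            return "exfil_tooling"
    return None

def triage(lines):
    """Return (findings, chains): one finding per matching event, and the
    de-duplicated ordered list of phases observed for each user."""
    findings, chains = [], defaultdict(list)
    for ev in map(parse, lines):
        phase = classify(ev)
        if phase:
            findings.append((ev["ts"], ev["host"], ev["user"], phase))
            if not chains[ev["user"]] or chains[ev["user"]][-1] != phase:
                chains[ev["user"]].append(phase)
    return findings, dict(chains)

def contains_in_order(seq, pattern):
    """True if every element of pattern appears in seq in the same order."""
    it = iter(seq)
    return all(any(p == s for s in it) for p in pattern)

def users_matching_chain(lines):
    """Users whose phases cover credential access -> RDP -> exfil tooling in order."""
    _, chains = triage(lines)
    return sorted(u for u, seq in chains.items() if contains_in_order(seq, FULL_CHAIN))
```

Matching on process names alone is a starting point; renamed binaries evade it, so in production the same phases would be keyed on hashes, command-line arguments and network destinations from the advisory's IOC list.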
