CP
cyberpings
Malware & RansomwareHIGH

Akira Ransomware - Attacks Now Completed in Under One Hour

Featured image for Akira Ransomware - Attacks Now Completed in Under One Hour
IMInfosecurity Magazine
πŸ“° 3 sourcesΒ·Summary by CyberPings EditorialΒ·AI-assistedΒ·Reviewed by Rohit Rana
Updated:
🎯

Basically, a new ransomware group can attack and lock your files in less than an hour.

Quick Summary

A new report reveals that the Akira ransomware group can complete attacks in under one hour. This rapid execution poses serious risks for organizations, especially those using vulnerable VPNs. It's crucial for businesses to strengthen their defenses against such fast-moving threats.

What Happened

Security researchers have observed a significant increase in the speed of ransomware attacks, particularly from the Akira group. According to a report by Halcyon, Akira is now capable of completing all stages of a ransomware attack in less than one hour. This alarming trend highlights the evolving tactics of ransomware operators, who are increasingly prioritizing speed and stealth.

How It Works

Akira typically gains initial access by exploiting vulnerabilities in internet-facing VPN appliances and backup solutions. Devices from companies like SonicWall, Veeam, and Cisco have been targeted, especially those lacking multi-factor authentication (MFA). The group employs various methods for initial access, including credential theft, spearphishing, and even collaboration with initial access brokers (IABs). Once inside, they exfiltrate data before encryption, following a classic double-extortion model.

Who's Being Targeted

Organizations that rely heavily on VPNs and backup solutions are particularly vulnerable to Akira's tactics. The group's sophisticated methods and rapid execution make it a formidable threat. In fact, Akira has reportedly generated as much as $244 million since its emergence in March 2023, indicating its effectiveness and the financial incentive behind such attacks.

Signs of Infection

Organizations should be vigilant for signs of Akira's presence, which may include:

  • Unusual data transfers or spikes in network activity.
  • Disabling of security software by unknown processes.
  • Sudden encryption of files across multiple devices.

How to Protect Yourself

Halcyon recommends several strategies to mitigate the threat posed by Akira and similar ransomware groups:

  • Hardening initial access points by securing VPNs and implementing MFA.
  • Limiting lateral movement within networks by restricting remote services and monitoring account usage.
  • Detecting data staging and exfiltration by keeping an eye on unusual data collections and command-and-control activity.
  • Implementing robust recovery processes to protect against encryption impacts.
  • Deploying dedicated anti-ransomware solutions that can block malicious binaries and detect abnormal behaviors before they can cause harm.

Conclusion

The rapid evolution of ransomware tactics, as demonstrated by Akira, underscores the need for organizations to enhance their security postures. By adopting layered defenses and remaining vigilant, businesses can better protect themselves against these increasingly sophisticated threats.

πŸ”’ Pro insight: Akira's rapid attack lifecycle exemplifies the need for organizations to adopt proactive security measures and continuous monitoring to stay ahead of evolving ransomware tactics.

Original article from

IMInfosecurity Magazine
Read Full Article

Also covered by

CYCyberScoop

Akira ransomware group can achieve initial access to data encryption in less than an hour

Read Article
SCSC Media

Accelerated Akira ransomware intrusions examined

Read Article
CYCyber Security News

New Akira Lookalike Ransomware Campaign Targeting Windows Users in South America

Read Article

Share

Related Pings

HIGHMalware & Ransomware

Malware Newsletter Round 91 - Latest Threats and Insights

The latest malware newsletter reveals new threats like Infiniti Stealer and npm supply chain attacks. Developers and organizations must stay alert to evolving risks in cybersecurity.

Security AffairsΒ·
HIGHMalware & Ransomware

Malicious Email Delivers CMD Malware - Privilege Escalation Alert

A malicious email has delivered a .cmd malware file that escalates privileges and bypasses antivirus systems. Users are at risk of significant system compromise. Awareness and immediate action are vital to mitigate this threat.

Security AffairsΒ·
HIGHMalware & Ransomware

Axios NPM Package Compromised - Supply Chain Attack Exposed

A major supply chain attack compromised the Axios NPM package, affecting millions of users. Malicious versions deployed a RAT, posing serious security risks. Swift action was taken to remove the threats.

Trend Micro ResearchΒ·
HIGHMalware & Ransomware

Brokk Hacked - Play Ransomware Exposes Sensitive Data

Brokk has reportedly been hacked by Play ransomware, leading to the leak of sensitive corporate data. This incident could severely impact the company's reputation and security. Organizations must bolster their defenses to prevent similar breaches.

SC MediaΒ·
HIGHMalware & Ransomware

Chaos Malware - New Targeting of 64-bit Linux Servers

Chaos malware has evolved to target 64-bit Linux servers, expanding its attack surface. This shift raises alarms for organizations relying on these systems. Enhanced security measures are now crucial to protect against potential larger-scale attacks.

SC MediaΒ·
HIGHMalware & Ransomware

Phorpiex Botnet - Spreading Ransomware and Sextortion Tactics

The notorious Phorpiex botnet is back, spreading ransomware and sextortion schemes. Millions are at risk as it targets users globally. Stay alert and protect your devices from this evolving threat.

Cyber Security NewsΒ·