
Singapore Authorities and PDPC Issue Warning on Akira Ransomware


The Cyber Security Agency of Singapore (CSA), the Singapore Police Force (SPF), and the Personal Data Protection Commission (PDPC) jointly released an advisory on Akira ransomware.

The advisory included the Tactics, Techniques, and Procedures (TTPs) the Akira threat groups use to infiltrate the networks of their victims and some strategic recommendations for organizations to minimize potential risks.

Joint Advisory on Akira Ransomware

Akira ransomware, which first appeared in March 2023, is a type of ransomware that targets both Windows and Linux systems under a ransomware-as-a-service (RaaS) model.

The Akira threat group’s targeting strategy is non-discriminatory. It casts a wide net to infiltrate various organizations, including those in the educational, financial, manufacturing, and healthcare sectors. 

The ransomware provides its affiliates with software and infrastructure to attack the victims in exchange for a percentage of the ransom paid by the victim organization. 

According to the joint advisory, Akira ransomware affiliate groups use the following methods to attack their victims.

Firstly, they can infiltrate the victim organization networks by using unsecured VPN services or the Remote Desktop Protocol (RDP). Criminal groups can also lure victims into tapping on scam links, exposing their credentials.

Once the group has extracted the data of their victim organization through any of their various means, Akira encrypts the data using a hybrid encryption algorithm and sends a ransom note named fn.txt to both the root directory and the users’ directory.

The ransom note will include the amount of Bitcoin the victim will pay and the receiving wallet address. 
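For incident responders, the note placement described above gives a simple triage check. The sketch below is an added example, not code from the advisory: it sweeps a mounted volume or directory for files named fn.txt and reports where they sit and when the earliest one was written. The function names and the sample tree are assumptions made for illustration.

```python
import os
from datetime import datetime, timezone
from pathlib import Path

NOTE_NAME = "fn.txt"  # ransom note file name as reported in the article


def find_ransom_notes(root, note_name=NOTE_NAME):
    """Walk `root` and return (path, mtime_utc) for each file named `note_name`, oldest first."""
    hits = []
    # onerror swallows unreadable directories so one access failure does not abort the sweep
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if name.lower() != note_name.lower():  # Windows volumes are case-insensitive
                continue
            path = Path(dirpath) / name
            try:
                mtime = path.lstat().st_mtime  # lstat: do not follow symlinks
            except OSError:
                continue
            hits.append((path, datetime.fromtimestamp(mtime, tz=timezone.utc)))
    return sorted(hits, key=lambda hit: hit[1])


def summarize(root, hits):
    """Condense hits into triage facts: note placement and earliest note timestamp."""
    root = Path(root)
    return {
        "count": len(hits),
        "in_scan_root": any(path.parent == root for path, _ in hits),
        "directories": sorted({str(path.parent.relative_to(root)) for path, _ in hits}),
        "earliest_utc": hits[0][1].isoformat() if hits else None,
    }


if __name__ == "__main__":
    import sys
    import tempfile
    if len(sys.argv) > 1:
        scan_root = sys.argv[1]
    else:  # constructed sample tree, not real incident data
        scan_root = tempfile.mkdtemp()
        for rel in ("fn.txt", "Users/alice/fn.txt", "Users/bob/report.docx"):
            target = Path(scan_root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text("constructed sample")
    found = find_ransom_notes(scan_root)
    print(summarize(scan_root, found))
```

The earliest timestamp is only a lower bound on when notes started appearing, since file times can be altered; corroborate it with other logs before using it in a timeline.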

Mitigating Measures Against the Ransomware

Due to the numerous reports of cybercriminals infiltrating the servers of different organizations, the SPF and the PDPC advised organizations on some measures to reduce ransomware attacks on their networks.

Every organization is advised to use strong passwords with at least 12 characters, including upper- and lowercase letters, numbers, and special characters, and to implement Multi-Factor Authentication (MFA) on their VPN services and important accounts.

The advisory urges organizations to properly educate their employees on recognizing and avoiding phishing and scam messages.

After recommending several mitigating measures, the advisory concluded by reminding affected organizations to report an attack to the authorities instead of paying the ransom to prevent future similar attacks.