Akira Ransomware
250+ Organizations Impacted, $42 Million Ransomware Toll
FortiGuard Labs continues to observe in-the-wild detections related to the Akira ransomware group. According to a new CISA report, the group has targeted over 250 organizations in the past year, affecting numerous businesses and critical infrastructure entities across North America, Europe, and Australia. The gang has collected over $42 million in ransom payments from these attacks.
Common Vulnerabilities and Exposures
Background
First detected in March/April 2023, this financially motivated ransomware group primarily targets small to medium-sized businesses. Like other notorious ransomware operations, Akira uses familiar tactics such as Ransomware-as-a-Service and double extortion to maximize profits. For initial access, Akira abuses VPN services that lack multifactor authentication (MFA), mostly by exploiting the known Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269, as well as external-facing services such as Remote Desktop Protocol (RDP), spear phishing, and the abuse of valid credentials. These credentials are typically acquired through brute-force attacks or obtained from the dark web. Once inside, the threat actors deploy various tools and malware to conduct reconnaissance, dump credentials, exfiltrate data, and move laterally within the network. Early iterations of the Akira ransomware were written in C++ and encrypted files with a .akira extension. From August 2023 onwards, however, certain Akira attacks transitioned to Megazord, a Rust-based variant that encrypts files with a .powerranges extension. Akira threat actors continue to use both Megazord and Akira, including the newer Akira_v2.
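The two encrypted-file extensions named above give defenders a simple file-activity signal. The following Python detector is added here as an example and is not FortiGuard's code: it flags a host that renames more than a threshold of files to .akira or .powerranges within a sliding window. The log-line layout, the thresholds and the sample events are constructed assumptions.

```python
"""Burst detector for Akira/Megazord encryption renames (added example,
not FortiGuard's code). Flags a host when more than THRESHOLD files are
renamed to .akira (C++ variant) or .powerranges (Rust-based Megazord)
within WINDOW_SECONDS. The 'ISO8601 host op path' line layout is constructed."""
from collections import defaultdict, deque
from datetime import datetime

AKIRA_EXTENSIONS = (".akira", ".powerranges")  # extensions named on the page
THRESHOLD = 4        # renames per host inside the window before alerting (assumed)
WINDOW_SECONDS = 60  # sliding window length (assumed)

def parse_event(line: str) -> dict:
    """Split a constructed 'ISO8601 host op path' line into fields."""
    ts, host, op, path = line.split(maxsplit=3)
    return {"ts": datetime.fromisoformat(ts), "host": host, "op": op, "path": path}

def is_akira_rename(event: dict) -> bool:
    """True when a file is renamed to a known Akira/Megazord extension."""
    return event["op"] == "RENAME" and event["path"].lower().endswith(AKIRA_EXTENSIONS)

def detect_bursts(lines) -> dict:
    """Return {host: ISO timestamp of first alert} for hosts over the threshold."""
    recent = defaultdict(deque)  # host -> timestamps of recent Akira renames
    alerts = {}
    for line in lines:
        ev = parse_event(line)
        if not is_akira_rename(ev):
            continue
        window = recent[ev["host"]]
        window.append(ev["ts"])
        while (ev["ts"] - window[0]).total_seconds() > WINDOW_SECONDS:
            window.popleft()  # expire renames older than the window
        if len(window) > THRESHOLD and ev["host"] not in alerts:
            alerts[ev["host"]] = ev["ts"].isoformat()
    return alerts

# Constructed sample: FS01 renames five files in 20 s (burst); WS02 renames
# two files 150 s apart (benign rate) plus one unrelated .bak rename.
SAMPLE_LOG = [
    "2024-04-19T09:58:00 WS02 RENAME C:\\Users\\a\\notes.txt.powerranges",
    "2024-04-19T10:00:00 FS01 RENAME D:\\share\\q1.xlsx.akira",
    "2024-04-19T10:00:03 FS01 WRITE D:\\share\\readme.txt",
    "2024-04-19T10:00:05 FS01 RENAME D:\\share\\q2.xlsx.akira",
    "2024-04-19T10:00:10 FS01 RENAME D:\\share\\plan.docx.akira",
    "2024-04-19T10:00:15 FS01 RENAME D:\\share\\budget.xlsx.akira",
    "2024-04-19T10:00:20 FS01 RENAME D:\\share\\hr.pdf.akira",
    "2024-04-19T10:00:30 WS02 RENAME C:\\Users\\a\\old.log.bak",
    "2024-04-19T10:00:30 WS02 RENAME C:\\Users\\a\\cv.pdf.powerranges",
]
```

Running `detect_bursts(SAMPLE_LOG)` reports FS01 at the fifth rename and stays silent on WS02, whose two renames fall outside one window; in production, feed it file-server audit or EDR rename events in the same field order.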
Threat Radar Overall Score: -
| Metric | Value |
| --- | --- |
| CVSS Rating | 9.0 |
| FortiRecon Score | 90/100 |
| Known Exploited | Yes |
| Exploit Prediction Score | 2.59% |
| FortiGuard Telemetry | Analyzing |
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
Fortinet has existing AV signatures and behaviour-based detections that detect and block Akira ransomware; however, it is always recommended to follow best practices and apply relevant patches to mitigate the threat and reduce the likelihood and impact of ransomware incidents.
https://www.fortinet.com/resources/cyberglossary/how-to-prevent-ransomware
April 19, 2024: FortiGuard Labs released a Threat Signal
https://www.fortiguard.com/threat-signal-report/5426
April 18, 2024: The United States' Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Europol's European Cybercrime Centre (EC3), and the Netherlands' National Cyber Security Centre (NCSC-NL) released a joint cybersecurity advisory (CSA): https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-109a
Feb 15, 2024: CISA added CVE-2020-3259 (Cisco ASA and FTD Information Disclosure Vulnerability) to its Known Exploited Vulnerabilities catalog.
October 12, 2023: Fortinet released a detailed blog on Akira Ransomware
https://www.fortinet.com/blog/threat-research/ransomware-roundup-akira
Sep 13, 2023: CISA added CVE-2023-20269 (Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability) to its Known Exploited Vulnerabilities catalog.
Attack Sequence
Actions taken by a cyber attacker or other malicious entity to compromise a target system or network.
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
AV: Detects known malware related to Akira ransomware.
AV (Pre-filter): Detects known malware related to Akira ransomware.
Behavior Detection: Detects unknown malware related to Akira ransomware.
Pre-execution: Automated threat detection and response against advanced threats such as fileless threats and ransomware.
Post-execution: Automated threat detection and response against advanced threats such as fileless threats and ransomware.
Threat Hunting
Outbreak Detection
Playbook
Assisted Response Services: Experts to assist you with analysis, containment and response activities.
Automated Response: Services that can automatically respond to this outbreak.
NOC/SOC Training: Train your network and security professionals and optimize your incident response to stay on top of cyberattacks.
End-User Training: Raise security awareness among your employees, who are continuously being targeted by phishing, drive-by downloads and other forms of cyberattack.
Attack Surface Hardening: Check Security Fabric devices to build actionable configuration recommendations and key indicators.
Business Reputation: Know the attackers' next move to protect your business brand.
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
References
Sources of information in support of, and related to, this outbreak and the affected vendor.