Akira Ransomware Attack (CVE-2023-20269 and CVE-2020-3259)
Description
What is the Akira Ransomware Attack? |
The Akira ransomware attack has been actively and widely impacting businesses. According to CISA advisory, the ransomware group has impacted over 250 organizations and claimed approximately $42 million (USD) in ransomware proceeds. The ransomware group gains initial access via either less-secured VPN or Cisco vulnerabilities. Once the network is compromised, the threat actor is able to target a system and encrypt files with .akira extension. |
What is the recommended Mitigation? | Review attack surfaces and ensure that all systems are kept up-to-date with the latest patches. Also, maintain general awareness and training about the risk of phishing and social engineering attacks in the organization. |
What FortiGuard Coverage is available? | FortiGuard Labs has existing AV signatures (i.e. W64/Akira.C!tr.ransom) to block all the known malware variants used by Ransomware group and has blocked related IoCs via Web filtering service. |
Appendix
✖