CISA and Europol share important details in the fight against Akira ransomware

The cybercriminals behind Akira are extorting millions worldwide. A report by various institutions provides key facts on defence.


(Image: solarseven/Shutterstock.com)

This article was originally published in German and has been automatically translated.

The US Cybersecurity & Infrastructure Security Agency (CISA), Europol's European Cybercrime Centre (EC3) and the Dutch National Cyber Security Centre (NCSC-NL) have compiled essential data on the Akira ransomware. The report is intended to help defend against attacks and contain those that have already taken place.

The individuals behind the ransomware operate worldwide. According to the report, they have now attacked 250 victims and demanded 42 million US dollars in ransom. In Germany, the gang most recently struck the service provider Südwestfalen-IT.

The malware primarily targets companies and critical infrastructure. The focus is on Windows PCs. However, there is now also a variant that is tailored to Linux systems with VMware ESXi virtual machines.

To prevent attacks and quickly contain those that have already occurred, the authors of the report outline, among other things, the tactics used by attackers to initiate attacks and establish themselves in systems. They also list which tools are used and the traces the attackers leave behind. Using collected Indicators of Compromise (IoC), admins can find clues to track down the cybercriminals and uncover already compromised systems.

At the end of the report, the authors list specific tips to keep attackers out. Among other things, admins must regularly install security updates, segment networks, analyse logs and develop an effective backup strategy. Admins should study the report carefully to be prepared for Akira.

(des)