
Bitcoin ransomware Akira snags $42 million and prompts FBI warning

This content was co-authored by AI.

In the ever-evolving landscape of cybersecurity threats, a new strain of ransomware known as Akira has emerged, posing significant risks to businesses and individuals alike. With over 250 companies falling victim to its malicious encryption tactics across North America, Europe, and Australia, Akira has been noticed throughout the cybersecurity community. 

This article aims to provide a comprehensive analysis of the Akira ransomware, shedding light on its inner workings and the implications it poses. 

Furthermore, we examine the federal warning regarding this evolving threat and outline essential steps individuals and organizations can take to safeguard themselves from falling prey to such attacks.

By understanding the nature of Akira ransomware and adopting proactive measures, we can collectively bolster our defenses against the growing menace of cybercrime.

Akira ransomware: a detailed analysis

Akira ransomware has emerged as a formidable threat in the cybersecurity landscape, targeting businesses and individuals with its sophisticated encryption techniques. 

Understanding how this malicious software operates helps in devising effective defense mechanisms. Akira primarily spreads through phishing emails, exploiting human vulnerabilities to trick victims into opening malicious attachments or clicking on infected links. Once executed, the ransomware gains access to a victim's device and initiates its encryption process.

Akira ransomware exhibits a selective approach in encrypting files, focusing on data that holds significant value or is essential for daily operations. This includes documents, spreadsheets, presentations, images, audio files, and even database records. By encrypting these critical files, Akira aims to inflict maximum disruption and exert pressure on victims to comply with its ransom demands.

The ransom amount demanded by the perpetrators behind Akira ransomware varies depending on the victim's profile and the extent of data encrypted. Typically, the ransom ranges from several thousand dollars to hundreds of thousands of dollars, payable exclusively in Bitcoin. To add further urgency, the attackers often impose a deadline, threatening to delete the encrypted files or increase the ransom amount if the payment is not made within the specified timeframe.

FBI warning: what you need to know

The FBI released a warning about the Akira ransomware, including what the ransomware is, how it works, and what steps computer users can take to protect themselves.

The Akira ransomware is a new and dangerous type of ransomware that has already been used to attack over 250 companies in North America, Europe, and Australia. The ransomware works by encrypting files on victims' computers, making them inaccessible until a ransom is paid. The ransom is typically demanded in Bitcoin, a digital currency that is difficult to trace.

The FBI has issued a warning about the Akira ransomware, urging computer users to take steps to protect themselves. These steps include:

  • Keeping software up to date. Software updates often include security patches that can help to protect infrastructure from ransomware attacks. Outdated software is the most common type of vulnerability across IT infrastructure and the initial point of entry for attackers.

  • Using strong passwords. Strong passwords are more difficult for hackers to guess, making it less likely that they will be able to gain access to your computer.

  • Backing up files regularly. If your system or infrastructure is infected with ransomware, a backup ensures the environment can quickly be reset and restored.

The FBI also recommends that users be aware of the latest ransomware scams. These scams often involve emails or text messages that appear to be from legitimate sources, such as banks or government agencies. The emails or text messages may contain links to malicious websites or attachments that can infect your computer with ransomware.

If you think your computer may be infected with ransomware, you should immediately disconnect it from the internet and contact your IT admin. The FBI recommends that companies do not attempt to pay the ransom, as this will only encourage the criminals behind the ransomware.

Protecting yourself from Akira and other ransomware

There are a variety of simple steps to protect your organization from ransomware.

First, you should keep your software up to date. Software updates often include security patches that can help protect your infrastructure from vulnerabilities that ransomware can exploit. According to CISA and security researchers, Akira actors gained initial access primarily through vulnerabilities in Cisco VPN and ASA services, CVE-2020-3259 and CVE-2023-20269.

Second, you should also follow general security hygiene best practices such as requiring strong passwords, requiring multi-factor authentication (MFA), and never reusing the same password for multiple accounts. If a hacker gains access to one of your accounts, they could potentially use that password to access your other accounts as well. Along with known vulnerabilities in outdated Cisco VPN and ASA versions, default and static passwords remain a common point of initial entry for attackers.

Finally, you should back up your files regularly so that you can restore them if they are encrypted by ransomware. You can back up your files to an external hard drive, a cloud storage service, or both. Ensure that the backup of data is properly segmented from the production network, as the backup will be the first target when an attacker infiltrates the network.
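A backup only helps if the copies in it were not themselves encrypted. The Python sketch below is an added example, not code from the original article or from Cobalt: it checks whether files in a backup set still look like their declared type before the set is trusted for a restore. The signature table, the entropy threshold, the function names and the sample data are assumptions made for illustration, and the check is a generic ransomware heuristic rather than a description of Akira's specific behaviour.

```python
import hashlib
import math
from collections import Counter

# Leading-byte signatures for file types of the kinds the article lists as targets.
MAGIC = {
    ".pdf": b"%PDF-",
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".pptx": b"PK\x03\x04",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".sqlite": b"SQLite format 3\x00",
}
TEXT_EXTS = {".txt", ".csv", ".sql", ".json"}  # no signature: use entropy instead
ENTROPY_LIMIT = 6.5  # bits per byte; assumed threshold, plain text sits well below it


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def check_backup_file(name: str, head: bytes) -> str:
    """Classify a backup file from its name and leading bytes."""
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext in MAGIC:
        return "ok" if head.startswith(MAGIC[ext]) else "suspect"
    if ext in TEXT_EXTS:
        return "suspect" if shannon_entropy(head) > ENTROPY_LIMIT else "ok"
    return "unknown"  # unrecognized extension: needs manual review


def restore_readiness(files: dict, max_suspect_ratio: float = 0.0) -> dict:
    """Summarize a backup set given {filename: leading bytes}."""
    verdicts = {n: check_backup_file(n, h) for n, h in files.items()}
    suspect = sorted(n for n, v in verdicts.items() if v == "suspect")
    unknown = sorted(n for n, v in verdicts.items() if v == "unknown")
    ok = len(suspect) <= max_suspect_ratio * len(files)
    return {"suspect": suspect, "unknown": unknown, "safe_to_restore": ok}


# Constructed sample data: pseudo-random bytes stand in for encrypted content.
NOISE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
CLEAN_SET = {"q3.pdf": b"%PDF-1.7\n", "ledger.csv": b"id,name,amount\n1,alice,10\n" * 40}
DAMAGED_SET = {"q3.pdf": NOISE, "ledger.csv": NOISE, "plan.docx": b"PK\x03\x04\x14\x00"}
```

Running a check like this against each backup generation shows which generation is the most recent clean one, which is the one to restore from.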

In addition to these basic steps, there are a few other things you can do to protect yourself from ransomware. First, be wary of suspicious emails and never click on links or open attachments from people you don't know. Second, use a reputable antivirus program and keep it up to date. Third, be aware of the latest ransomware trends so that you can take steps to protect yourself from them. Lastly, ensure you have the necessary endpoint detection and response (EDR) solutions deployed in your network.

By following these tips, you can help protect yourself from Akira and other ransomware. However, it is important to remember that no security measure is 100% effective. Therefore, you should always be prepared to respond to a security breach.

The future of ransomware: what to expect

The future of ransomware is a concerning one. More sophisticated malware variants are emerging, and ransomware is increasingly being used as a tool for targeted attacks. There is also the potential for ransomware to disrupt critical infrastructure, which could have a devastating impact on society.

One of the most concerning trends is the rise of ransomware-as-a-service (RaaS). RaaS allows criminals to rent out ransomware tools and infrastructure, making it easier for them to launch attacks. This has led to a significant increase in the number of ransomware attacks in recent years.

Another worrying trend is the increasing use of ransomware in targeted attacks. In these attacks, criminals specifically target high-value organizations, such as businesses, government agencies, and healthcare providers. These organizations are often willing to pay large ransoms to recover their data, making them a lucrative target for criminals.

The potential for ransomware to disrupt critical infrastructure is also a major concern. Ransomware attacks have already been used to disrupt power grids, transportation systems, and hospitals. If a ransomware attack were to hit a critical piece of infrastructure, it could have a devastating impact on society.

However, there are also new technologies and strategies being developed to combat ransomware. Law enforcement agencies, cybersecurity experts, and the private sector are working together to develop new ways to detect and prevent ransomware attacks. These efforts are helping to reduce the impact of ransomware, but more needs to be done.

One important step is to educate users about ransomware and how to protect themselves from it. Users should keep their software up to date, use strong passwords, and back up their data regularly. They should also be wary of phishing emails and never click on links or open attachments from people they don't know.

By working together, we can combat ransomware and protect our society from its devastating impact.

About Luke Doherty
Luke Doherty is the Senior Manager of Sales Engineering at Cobalt. He graduated from the ECPI University with a Bachelor's Degree in Computer and Information Systems Security. With nearly 10 years of technical experience, he helps bring to life Cobalt's mission to transform traditional penetration testing with the innovative Pentesting as a Service (PtaaS) platform.