The United States Federal Bureau of Investigation (FBI) reported on a group responsible for developing the Akira ransomware, which has caused damages exceeding $42 million.
The FBI conducted its investigation in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA), the European Cybercrime Centre at Europol (EC3), and the Netherlands National Cyber Security Centre (NCSC-NL).
According to the document, Akira has been targeting businesses and critical infrastructure in North America, Europe, and Australia since March 2023. The malware gains access through pre-installed VPN services lacking multi-factor authentication.
The ransomware extracts credentials and other confidential information from the device, then locks the system, displaying a ransom demand.
“Akira does not leave an initial demand or payment instructions on compromised computers. Hackers will not provide this information until the victim contacts them,” law enforcement stated.
To restore access, the group demands payments in bitcoin from the attacked organizations.
Law enforcement agencies have issued recommendations to prevent potential breaches. Investigators advised organizations to implement multi-factor authentication, system-wide encryption, and network traffic filtering, as well as to disable unused ports.
“The FBI, CISA, EC3, and NCSC-NL recommend continuously testing your security program in a production environment to ensure optimal protection,” the document states.
Back in August 2023, the FBI seized nearly $9 million in bitcoin from the operators of the Qakbot botnet.
In February 2024, the United Kingdom’s National Crime Agency seized a darknet site belonging to the LockBit hacker group.