Akira Ransomware Raised $42 Million in Ransom From ‘Only’ 250 Organizations, FBI Says


Mélina LOUPIA

April 19, 2024 at 5:21 p.m.


Akira stretches across the world to extort its victims © Jaiz Anuar / Shutterstock


Since March 2023, Akira ransomware has been deployed against a wide range of businesses and sensitive infrastructure entities across North America, Europe, and Australia.

At first glance, Akira echoes the famous manga by the no less famous Katsuhiro Ōtomo, but above all it makes the FBI, CISA, the European Cybercrime Centre (EC3), Europol and the National Cyber Security Centre of the Netherlands (NCSC-NL) tremble.

And for good reason: Akira is also the name of the ransomware gang that managed, in one year, to extort $42 million from some 250 organizations around the world. In a joint advisory published on April 18, 2024, the American and European authorities indicate that Akira continues to have an impact on “a wide range of businesses and critical infrastructure across North America, Europe and Australia”.

Akira’s meteoric rise

The Akira gang has quickly gained notoriety in the world of cybercrime. Its success rests on a well-established strategy: deploying ransomware on both Windows and Linux systems, which allows it to tackle a wide range of organizations. Ransomware, remember, brought in more than 1 billion (yes, yes) dollars in 2023. The group’s approach is brutal but effective. It disables security measures to move through networks and exfiltrate valuable data. Ransom payments, demanded in Bitcoin, add a layer of anonymity to its operations. But that’s not all: the gang exerts additional pressure by threatening to publish the stolen data on the Tor network, or even by contacting the victim companies directly.

Cybersecurity experts are particularly concerned about how quickly Akira carried out a large number of attacks soon after its emergence. This effectiveness suggests that the group is made up of experienced actors in the field of ransomware. Indeed, the gang has claimed responsibility for a series of incidents in 2024, targeting high-profile entities such as Stanford University and cloud hosting service provider Tietoevry. Its ability to attack targets as diverse as railroads, local governments and financial institutions demonstrates its versatility and dangerousness.

Akira is very fast and efficient © rawf8 / Shutterstock


Akira’s Hidden Links

Analysis of cryptocurrency transactions by Arctic Wolf, a cybersecurity company, has revealed disturbing information. Akira appears to have ties to the now-defunct Conti ransomware gang. In at least three separate transactions, ransoms collected by Akira were transferred to addresses affiliated with Conti, suggesting collaboration or affiliation between these two malicious entities. Two of the wallets associated with Conti were linked to its management team, indicating that the payments came from multiple ransomware families.

Authorities also posted, on CISA’s X.com account, protection advice for sensitive organizations that Akira could attack. They fear that extinct groups could be reborn in new forms or support other active groups. A case in point: the release of a decryptor in July was supposed to deal a blow to Akira, but the group quickly closed the flaws in its code and relentlessly continued its attacks. We will have to reckon with this major new cybercriminal player.

For large organizations and individuals alike, the principle of ransomware does not change: extort money from victims under threat of revealing or selling sensitive data. Clubic therefore recommends that you exercise the greatest caution with regard to your personal data and advises you on tools to protect your privacy.

Sources: Bleeping Computer, CISA
