AI DevwWrld Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

The Akira phenomenon: analysis of the ransomware that shook 2023

An in-depth analysis of the impact and techniques of the most dangerous ransomware of 2023

The article discusses the Akira ransomware, which emerged in 2023, affecting 250 entities, demanding ransoms of up to $42 million. It uses advanced methods such as vulnerability exploits and phishing to infiltrate and spread within networks.

This pill is also available in Italian language

Since it first appeared on the scene in March 2023, Akira ransomware has demonstrated unprecedented destructive capacity. Through a series of targeted attacks, it has infected the networks of over 250 organizations in the current year alone, with ransoms reaching close to $42 million. These data emerge from a joint investigation carried out by prestigious agencies such as the FBI, CISA, the Europol European Cybercrime Center and the Dutch National Cyber Security Center.

Damages and exorbitant demands

The group behind Akira did not hesitate to strike hard, choosing large organizations in the territories of North America, Europe and Australia as targets. The amounts requested as ransom vary enormously, ranging between $200,000 and much larger sums, in proportion to the financial capabilities of the victims. Recent high-profile incidents have included the compromise of Nissan systems in Australia and New Zealand and a significant data breach at Stanford University, with thousands of personal data put at risk.

Sophisticated attack methodologies

The tactics employed by Akira are varied and refined. Access to networks occurs by exploiting weaknesses in VPN services that lack multi-factor authentication and the exploitation of vulnerabilities in Cisco products, identified as CVE-2020-3259 and CVE-2023-20269. Attacks also include the use of protocols such as Remote Desktop Protocol (RDP), spear phishing techniques, and theft of valid credentials to further infiltrate victims' digital environments.

Escalation tools and strategies

Once inside networks, Akira cybercriminals use tools like Mimikatz and LaZagne to escalate privileges. Lateral moves are frequently performed using Windows RDP, while data exfiltration uses applications such as FileZilla, WinRAR, WinSCP and RClone. These methods highlight a high degree of technical sophistication, increasing the challenge for security organizations in combating such cyber threats.

Follow us on WhatsApp for more pills like this

04/24/2024 10:32

Editorial AI

Last pills

Global threat: serious security flaw discovered in the IEEE 802.11 Wi-Fi standardNew flaw in the IEEE 802.11 Wi-Fi standard exposes the security of global networks to serious risks

The fundamental aspects of computer security in everyday lifeProtection and prevention: how to safeguard personal data in the digital world

Black Basta hits Synlab: analysis of the attack and cybersecurity lessons for the healthcare sectorCyber defense strategies: how to protect healthcare infrastructures from ransomware

Google releases an emergency update for ChromeUrgent update to fix critical vulnerability in Chrome, users advised to install it immediately