The Akira Ransomware Group Expands Target Base to Linux Systems
Akira, a relatively new ransomware group, has been gaining momentum and increasing its sophistication by targeting Linux systems in addition to Windows systems, according to researchers. The group, named after a Japanese anime film, initially focused on attacking Windows systems but has now developed a new version of its ransomware that targets open-source Linux operating systems. This shift in tactics reflects a growing trend among ransomware groups to exploit the increasing popularity of Linux in enterprise environments. Linux has become the standard platform for running virtualized, container-based systems, which are crucial for IoT devices and mission-critical applications. The fact that a Windows-centric ransomware group like Akira is now targeting Linux underscores the exposure of these systems to cyber threats.
Akira’s Expansion and Targeted Victims
Akira has rapidly expanded since its emergence in April of this year, compromising 46 publicly disclosed victims in just a few months. The majority of these victims are located in the United States. While victims come from various industries, the education sector has been the most heavily targeted, followed by manufacturing, professional services, BFSI (Banking, Financial Services, and Insurance), and construction. Other victims come from sectors such as agriculture and livestock, food and beverage, IT and ITES, real estate, consumer goods, automotive, chemical, and others.
Akira’s Approach: Data Theft and Double-Extortion Tactics
Akira primarily focuses on compromising and stealing data from its victims, using double-extortion tactics. The ransomware threatens to leak the stolen data on the Dark Web if the victims do not pay the requested ransom. The group maintains a unique data-leak site designed as an interactive command prompt using jQuery, which displays a list of victims who failed to pay and associated leaks of their data.
How Akira’s Linux Targeting Works
The new Linux ransomware used by Akira is a console-based 64-bit executable compiled with the Microsoft Visual C/C++ compiler. Upon execution, it obtains a list of the logical drives currently available on the system using the API function GetLogicalDriveStrings(). The ransomware then drops a ransom note in multiple folders and proceeds to search for files and directories to encrypt. It uses cryptographic libraries and functions to encrypt the victim’s machine and appends the “.akira” extension to encrypted files. The ransomware also includes a feature that hinders system restoration by executing a WMI query to delete the system’s shadow copies.
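The two filesystem traces described above (the “.akira” extension on encrypted files and a ransom note dropped into many folders) are enough for a quick host triage. The following script is an added example, not code from the article or from any vendor; it walks a directory tree and reports both indicators, and the ransom-note filename it looks for is an assumed placeholder, since the article does not name it.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the article: encrypted files carry a ".akira" extension and a
# ransom note is written into multiple directories. The note filename below is an
# assumption (placeholder); adjust it to what is observed on the affected host.
ENCRYPTED_EXT = ".akira"
NOTE_NAME = "akira_readme.txt"  # assumed placeholder, not stated in the article


def scan_tree(root):
    """Walk `root` and count encrypted files per directory and directories holding a note."""
    summary = {"encrypted_files": 0, "note_dirs": [], "affected_dirs": Counter()}
    for dirpath, _, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        for name in filenames:
            if name.endswith(ENCRYPTED_EXT):
                summary["encrypted_files"] += 1
                summary["affected_dirs"][rel] += 1
            elif name == NOTE_NAME:
                summary["note_dirs"].append(rel)
    return summary


def is_likely_akira(summary, min_note_dirs=2, min_encrypted=1):
    """Flag a host when notes appear in several folders and encrypted files exist."""
    return (len(summary["note_dirs"]) >= min_note_dirs
            and summary["encrypted_files"] >= min_encrypted)


def build_sample_tree():
    """Constructed sample data: a temp tree mimicking a partially encrypted host."""
    root = tempfile.mkdtemp(prefix="akira_triage_")
    layout = {
        "home/alice": ["report.docx.akira", "budget.xlsx.akira", NOTE_NAME],
        "srv/www": ["index.html.akira", NOTE_NAME],
        "etc": ["hosts"],  # untouched directory, should not be reported
    }
    for sub, files in layout.items():
        directory = os.path.join(root, sub)
        os.makedirs(directory)
        for filename in files:
            with open(os.path.join(directory, filename), "w") as fh:
                fh.write("sample content\n")
    return root


if __name__ == "__main__":
    result = scan_tree(build_sample_tree())
    print(result, "likely Akira:", is_likely_akira(result))
```

Run it against a mounted, read-only image of a suspect host rather than the live system so that triage does not alter timestamps evidence may depend on.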
Prevention and Mitigation Strategies Against Ransomware
Researchers have provided several recommendations for organizations to prevent and mitigate ransomware attacks. These include conducting regular backups and keeping them offline or on a separate network so that systems can be restored after an attack. It is crucial to enable automatic software updates on all computers, mobile devices, and connected devices whenever possible, and to use reliable antivirus and internet security software packages. Additionally, corporate users should be cautious about opening untrusted links and email attachments without verifying their authenticity, to avoid falling victim to phishing attacks. In the event of a ransomware attack, organizations should immediately disconnect infected devices from the network and inspect system logs for any suspicious activity.
Conclusion
The evolution of the Akira ransomware group to target Linux systems highlights the increasing vulnerability of these systems to cyber threats. Ransomware attacks continue to pose significant risks to organizations, making it imperative to implement robust cybersecurity measures. As ransomware groups become more sophisticated, it is crucial for organizations to stay vigilant, adopt preventive measures, and establish effective incident response plans to mitigate potential damage. By following security best practices and staying educated on emerging threats, organizations can better protect themselves from the evolving landscape of cybercrime.