Akira Ransomware

Akira is a new ransomware variant that was first identified in the wild in Q1 2023. This malware variant attacks both Windows and Linux systems and uses the ChaCha 2008 cipher to encrypt files, denying users access to their data.


How Does Akira Ransomware Work?

The Akira ransomware variant is distributed in various ways. Known distribution mechanisms include infected email attachments and the exploitation of vulnerabilities in VPN endpoints. Once the Akira ransomware gains access to a system, it uses various means to conceal its presence. For example, the ransomware may interfere with endpoint security solutions and uses LOLBins — binaries that “live off the land” by using functionality already built into the computer to perform malicious actions — to make the infection harder to detect and remediate. The ransomware is also known to steal credentials by dumping the memory of the LSASS process, giving it additional access and privileges on the compromised system.

Like the leaked Conti V2 ransomware, the malware uses CryptGenRandom and ChaCha 2008 for file encryption. Encrypted files can be identified by the .akira extension appended to their filenames. The malware also deletes shadow copies of files, preventing them from being used for data recovery. In some cases, the ransomware has also been observed performing extortion-only attacks: these skip the data encryption stage and instead exfiltrate data and demand a ransom in exchange for not selling or leaking it publicly. After the ransomware has encrypted and/or stolen data, it displays a ransom message. Akira is known for demanding large ransoms, often in the hundreds of millions of dollars.
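The behaviours described above (shadow copy deletion, LSASS memory dumping and the rename of files to the .akira extension) are exactly what a defender's detection rules key on. The Python below is an added example, not Check Point's code and not derived from any Akira sample: it runs three behavioural rules over a constructed, pipe-delimited endpoint telemetry feed. The log format, the sample lines, the vssadmin/wmic command patterns used to spot shadow copy deletion, the LSASS access allowlist entry and the rename-burst threshold are all assumptions made for this illustration.

```python
"""Behavioural triage of constructed endpoint telemetry for the Akira
techniques named on the page: shadow copy deletion, LSASS memory access
and a burst of renames to the .akira extension.

Added example (not Check Point's code). The record layout
"timestamp|host|event|detail", the sample events, the command patterns,
the allowlist and the burst threshold are constructed for illustration.
"""
from __future__ import annotations

import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed telemetry, one record per line: timestamp|host|event|detail.
# WS-017 shows the full chain; WS-042 shows look-alike benign activity.
SAMPLE_LOG = """\
2023-05-01T02:14:03|WS-017|ProcessCreate|cmd.exe /c vssadmin.exe delete shadows /all /quiet
2023-05-01T02:14:05|WS-017|ProcessCreate|wmic shadowcopy delete
2023-05-01T02:14:09|WS-017|ProcessAccess|source=rundll32.exe target=lsass.exe
2023-05-01T02:15:00|WS-017|FileRename|C:\\Finance\\q1.xlsx -> C:\\Finance\\q1.xlsx.akira
2023-05-01T02:15:00|WS-017|FileRename|C:\\Finance\\q2.xlsx -> C:\\Finance\\q2.xlsx.akira
2023-05-01T02:15:01|WS-017|FileRename|C:\\Finance\\q3.xlsx -> C:\\Finance\\q3.xlsx.akira
2023-05-01T02:15:01|WS-017|FileRename|C:\\HR\\payroll.docx -> C:\\HR\\payroll.docx.akira
2023-05-01T02:15:02|WS-017|FileRename|C:\\HR\\roster.docx -> C:\\HR\\roster.docx.akira
2023-05-01T02:15:02|WS-017|FileRename|C:\\HR\\policy.pdf -> C:\\HR\\policy.pdf.akira
2023-05-01T09:30:12|WS-042|ProcessCreate|vssadmin.exe list shadows
2023-05-01T09:31:40|WS-042|FileRename|C:\\Users\\a\\draft.docx -> C:\\Users\\a\\draft_v2.docx
2023-05-01T09:32:11|WS-042|ProcessAccess|source=MsMpEng.exe target=lsass.exe
"""

# Rule 1: shadow copy deletion. The page states only that shadow copies are
# deleted; the vssadmin/wmic forms below are assumed, common invocations.
# "vssadmin list shadows" is deliberately not matched.
SHADOW_DELETE = re.compile(r"(vssadmin(\.exe)?\s+delete\s+shadows|wmic\s+shadowcopy\s+delete)", re.I)

# Rule 2: a process opening lsass.exe. Security agents legitimately do this,
# so an environment-specific allowlist (constructed here) suppresses them.
LSASS_TARGET = re.compile(r"target=lsass\.exe", re.I)
LSASS_SOURCE = re.compile(r"source=(\S+)", re.I)
LSASS_BENIGN_SOURCES = {"msmpeng.exe"}

# Rule 3: many renames to .akira on one host within one minute.
AKIRA_RENAME = re.compile(r"->\s*.+\.akira\s*$", re.I)
RENAME_BURST_THRESHOLD = 5  # constructed threshold; tune per environment


@dataclass
class Finding:
    host: str
    rule: str
    evidence: str


def parse_line(line: str) -> dict | None:
    """Split one telemetry record; return None for malformed lines."""
    parts = line.split("|", 3)
    if len(parts) != 4:
        return None
    ts, host, event, detail = parts
    return {"ts": ts, "host": host, "event": event, "detail": detail}


def analyze(log_text: str) -> list[Finding]:
    """Apply the three rules and return findings in detection order."""
    findings: list[Finding] = []
    rename_counts: Counter = Counter()  # (host, minute) -> rename count
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        host, event, detail = rec["host"], rec["event"], rec["detail"]
        if event == "ProcessCreate" and SHADOW_DELETE.search(detail):
            findings.append(Finding(host, "shadow_copy_deletion", detail))
        elif event == "ProcessAccess" and LSASS_TARGET.search(detail):
            m = LSASS_SOURCE.search(detail)
            source = m.group(1).lower() if m else ""
            if source not in LSASS_BENIGN_SOURCES:
                findings.append(Finding(host, "lsass_access", detail))
        elif event == "FileRename" and AKIRA_RENAME.search(detail):
            minute = rec["ts"][:16]  # YYYY-MM-DDTHH:MM bucket
            rename_counts[(host, minute)] += 1
    for (host, minute), n in sorted(rename_counts.items()):
        if n >= RENAME_BURST_THRESHOLD:
            findings.append(Finding(host, "akira_rename_burst",
                                    f"{n} renames to .akira within minute {minute}"))
    return findings


def hosts_by_rule(findings: list[Finding]) -> dict[str, list[str]]:
    """Summarise which hosts triggered which rule, for an analyst's triage view."""
    out: defaultdict[str, set] = defaultdict(set)
    for f in findings:
        out[f.rule].add(f.host)
    return {rule: sorted(hosts) for rule, hosts in out.items()}


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.host}  {f.rule}: {f.evidence}")
```

Run stand-alone, the script flags WS-017 on all three rules and stays quiet on WS-042, whose shadow copy listing, ordinary rename and allowlisted LSASS access are the kind of benign look-alikes that cause false positives if a rule matches too loosely. Correlating several of these behaviours on one host in a short window, rather than alerting on any one alone, is what gives an anti-ransomware rule its precision.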

What Does Akira Ransomware Target?

Because the Akira ransomware group commonly demands a large ransom, its primary targets are large enterprises. In general, the ransomware targets companies in North America, Europe, and Australia.

Often, the malware is distributed as part of a targeted threat campaign, leveraging phishing emails or vulnerable software to infect systems. Common target industries include education, finance, manufacturing, and the medical industry.

How to Protect Against Akira Ransomware

Akira ransomware infections can be costly for a business in terms of decreased productivity, lost data, and the cost of ransoms and remediation. Some best practices that organizations can implement to reduce their risk of a successful ransomware attack include the following:

  • Cybersecurity Awareness Training: Akira leverages phishing emails and compromised credentials to distribute its malware. Cybersecurity awareness training can reduce an organization’s exposure to these threats by teaching employees about security best practices and how to recognize common attack techniques.
  • Anti-Ransomware Solutions: The data encryption and exfiltration that ransomware performs are unusual and a clear indicator of a ransomware attack. Anti-ransomware solutions can use these behavioral indicators and other factors to identify, block, and remediate infections by Akira and other ransomware.
  • Data Backups: Crypto ransomware like Akira is designed to force a company to pay a ransom by encrypting its data and demanding payment for the decryption key. Data backups enable a company to recover encrypted data without paying the ransom demand.
  • Patch Management: Akira commonly exploits vulnerabilities in VPN software to infiltrate a target environment. Promptly installing patches and updates enables a company to close these security gaps before they can be exploited by the ransomware group.
  • Strong User Authentication: The Akira ransomware variant commonly targets VPNs that lack multi-factor authentication (MFA), making it easier for the attacker to exploit compromised credentials. Enforcing the use of MFA on corporate systems makes it harder for the ransomware group to infect systems with its malware.
  • Network Segmentation: Ransomware often needs to move laterally across a corporate network from its initial infection point to a system with valuable data. Network segmentation makes this movement more detectable and preventable before sensitive data can be encrypted or stolen.

Prevent Ransomware Attacks with Check Point

Ransomware has emerged as one of the leading threats to corporate cybersecurity and data security. Modern ransomware attacks not only threaten data loss but also breaches of sensitive corporate and customer information.

Akira, while a relatively new ransomware variant, has already proven itself to be one of the more dangerous malware variants in operation. It uses various techniques to hide itself on infected systems and combines data encryption and extortion in its attempts to force companies to pay large ransoms.

Preventing ransomware attacks is essential to an organization’s cybersecurity and ability to maintain operations. You’re welcome to explore ransomware threat prevention further by checking out the CISO’s Guide to Ransomware Prevention.


Check Point’s Harmony Endpoint incorporates robust ransomware prevention capabilities as well as the ability to defend an organization’s systems against various potential endpoint security threats. To learn about Harmony Endpoint’s capabilities and find out how it can help protect your company against Akira and other endpoint security threats, feel free to sign up for a free demo today.
