techminis

A naukri.com initiative

Image Credit: Qualys

Threat Brief: Understanding Akira Ransomware

  • Akira is ransomware operated as Ransomware as a Service (RaaS) that has been targeting organizations in North America, the UK, and Australia since March 2023. It exfiltrates data before encrypting it, enabling double-extortion attacks. The group claims to have infected over 196 organizations.
  • Akira affiliates use various methods to gain initial access to victims' environments, including exploiting vulnerabilities or using compromised credentials bought from initial access brokers. They then perform reconnaissance, use different tools and persistence techniques to maintain their access, and move laterally with valid accounts or remote shares.
  • The ransomware accepts several command-line arguments, deletes shadow copies, and uses the ChaCha algorithm for file encryption. The ransom note contains a code that victims use to log in to Akira's chat messenger. Qualys's EDR and EPP offering provides comprehensive coverage against advanced threats like Akira and includes behavioral detections to identify them.
  • RaaS has emerged as a significant threat, enabling low-skilled actors to deploy highly sophisticated ransomware attacks. Organizations must secure their perimeter with defenses like multi-factor authentication and rely on EDR products to protect endpoints against such threats.
  • The article also provides a list of MITRE ATT&CK techniques used by Akira and Indicators of Compromise (IoCs).
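The summary notes that Akira deletes shadow copies before encrypting, which is one of the behaviors an EDR's behavioral detections look for. The following is an added example (not code from the Qualys article) of that kind of check: it scans process-creation events for the common Windows ways of deleting Volume Shadow Copies (vssadmin, WMIC, and the Win32_ShadowCopy WMI class via PowerShell) and returns the matching events. The log lines and the field names (`ts`, `host`, `user`, `image`, `cmdline`) are constructed for this example and do not come from the article; the patterns are general shadow-copy-deletion indicators, not Akira's specific command line, which the summary does not give.

```python
import json
import re

# Constructed sample of process-creation events in a simplified, Sysmon-like
# JSON-lines shape. Field names are this example's assumption, not a real schema.
# Events 1-3 are shadow-copy deletions; events 4-5 are benign (a listing and notepad).
SAMPLE_LOG = r"""
{"ts": "2023-09-01T10:00:01Z", "host": "ws01", "user": "CORP\\alice", "image": "C:\\Windows\\System32\\vssadmin.exe", "cmdline": "vssadmin.exe delete shadows /all /quiet"}
{"ts": "2023-09-01T10:00:02Z", "host": "ws01", "user": "CORP\\alice", "image": "C:\\Windows\\System32\\wbem\\WMIC.exe", "cmdline": "wmic shadowcopy delete"}
{"ts": "2023-09-01T10:00:03Z", "host": "srv02", "user": "CORP\\svc_backup", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmdline": "powershell.exe -c \"Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_.Delete() }\""}
{"ts": "2023-09-01T10:00:04Z", "host": "srv02", "user": "CORP\\svc_backup", "image": "C:\\Windows\\System32\\vssadmin.exe", "cmdline": "vssadmin.exe list shadows"}
{"ts": "2023-09-01T10:00:05Z", "host": "ws03", "user": "CORP\\bob", "image": "C:\\Windows\\System32\\notepad.exe", "cmdline": "notepad.exe report.txt"}
"""

# Detection rules: a name plus a regex applied to the normalized (lower-cased,
# whitespace-collapsed) command line. Listing shadows is deliberately not matched;
# only deletion is an inhibit-recovery indicator.
SHADOW_DELETE_RULES = [
    ("vssadmin_delete_shadows",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b")),
    ("wmic_shadowcopy_delete",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b")),
    ("powershell_shadowcopy_delete",
     re.compile(r"win32_shadowcopy.*\.delete\(")),
]


def normalize(cmdline: str) -> str:
    """Lower-case and collapse whitespace so spacing/casing tricks don't evade the regexes."""
    return " ".join(cmdline.split()).lower()


def match_event(event: dict) -> list:
    """Return the names of all rules that fire on a single event (empty list if none)."""
    cmd = normalize(event.get("cmdline", ""))
    return [name for name, rx in SHADOW_DELETE_RULES if rx.search(cmd)]


def scan_log(log_text: str) -> list:
    """Parse JSON-lines process events and return one finding per matching event."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            # Malformed lines are skipped rather than aborting the whole scan.
            continue
        hits = match_event(event)
        if hits:
            findings.append({
                "ts": event.get("ts"),
                "host": event.get("host"),
                "user": event.get("user"),
                "image": event.get("image"),
                "cmdline": event.get("cmdline"),
                "rules": hits,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['host']} {f['user']}: {f['rules']} -> {f['cmdline']}")
```

In practice the same logic would sit in a SIEM or EDR rule keyed on process-creation telemetry; a hit from a non-backup account, or a burst of hits immediately before mass file-rename activity, is the pattern worth escalating.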
