The Cyber Security Agency of Singapore (CSA), the Singapore Police Force (SPF), and the Personal Data Protection Commission (PDPC) have issued a warning to organizations about a variant of Akira ransomware that is targeting businesses across various sectors.
Authorities are urging organizations to implement strong cybersecurity measures to protect themselves against such attacks.
First detected in March 2023, Akira ransomware operates under a “Ransomware-as-a-Service” (RaaS) model and affects both Windows and Linux systems.
The Akira threat group targets a wide range of sectors, including education, finance, manufacturing and healthcare, and demands ransom based on the victim’s business profile.
Akira affiliates gain initial access through the exploitation of vulnerabilities, brute-force attacks on services such as Remote Desktop Protocol (RDP), social engineering, and the use of compromised credentials.
Once inside, the attacker uses various tools to create new domain accounts and escalate privileges, as well as gather system and network information to further the attack.
We recommend that organizations enforce strong password policies and implement multi-factor authentication to prevent unauthorized access.
Regularly updating and patching systems and software is essential to fix vulnerabilities that could be exploited by cybercriminals.
Additionally, installing reputable anti-virus and/or anti-malware software can help detect and prevent ransomware infections.
Maintaining regular backups of critical data is essential to ensure business continuity.
Organizations should create and store copies of important files, including unalterable copies, on external and offline storage devices to ensure systems can be restored in the event of a cybersecurity incident.
These backups should be tested regularly to ensure that data can be recovered and restored quickly and that data loss is minimized.
We recommend following the 3-2-1 rule: keep three copies of your backups, use two different media formats, and store one set of backups offsite.
In addition to backups, it’s important to have a comprehensive incident response and business continuity plan in place.
Organizations should conduct exercises to test these plans before an actual ransomware attack occurs so they can take swift and decisive action to mitigate the situation.
Business continuity plans (BCPs) should be tailored to minimize the impact on business operations in the event of an attack.
Data minimization practices are also recommended: organizations should collect, process, store, and retain only the data that is essential for their business, operations, or legal requirements.
Reducing the amount of unnecessary data collected can help mitigate the impact of a data breach and reduce the resources required to protect it.
Employee education plays a key role in cybersecurity. Regular training sessions should be conducted to make employees aware of phishing and other social engineering tactics used by cybercriminals.
Phishing simulation exercises are an effective way to reinforce this training and mitigate the risk. Organizations should also monitor employee awareness and adoption levels.
Authorities strongly advise against paying the ransom as it does not guarantee data recovery and may encourage further criminal activity.
Instead, organizations are urged to immediately report ransomware incidents to authorities and seek assistance with decryption tools from trusted sources.
By following these recommendations, organizations can significantly reduce the risk of a ransomware attack and protect their critical data and operations.