Akira ransomware attackers are wiping NAS and tape backups

The Finnish National Cybersecurity Center (NCSC-FI) reported multiple organizations in Finland were hit by the Akira ransomware malware in 2023. Attackers targeted vulnerable internet-facing Cisco ASA or FTD devices, wiped backups, and launched the ransomware either by using leaked credentials or exploiting a Cisco firewall vulnerability. The NCSC-FI recommends implementing multi-factor authentication, upgrading devices, and creating offline, physically distributed backups following a 3-2-1 rule.