Analyst Note on Akira Ransomware: HC3 Report

Parker Bytes February 14, 2024

Let’s have a chinwag about Akira, not the classic Japanese anime film we all know, but rather a new cyber pest that’s been topping the headlines recently – yes, a rather nasty bit of ransomware. And they’ve set their sights on a rather uncomfortable target: the health sector in the U.S.

Akira was first spotted lurking around the cyber world in May 2023. In less than a year’s time, it’s managed to cause a right kerfuffle for 81 organisations. Mind you, this shouldn’t be mixed up with the Akira ransomware observed in 2017 – an entirely different and unconnected entity. Likewise, it’s not a sci-fi propelled double identity.

As we have a natter further, we can’t ignore the possibility that there’s a link between Akira and the now-defunct Conti ransomware. Although this isn’t set in stone, the resemblance between the two in terms of their knack for cyber naughtiness provides strong grounds for suspicion. If these whispers turn out to be true, it only underscores Akira’s threat, and we do need to sit up and take it seriously.

Akira operates on a strategy commonly known as ransomware-as-a-service, or RaaS. In layman’s terms, the operators supply the ransomware and recruit other cybercriminals to carry out the attacks, sharing the ill-gotten rewards with them. Akin to a modern-day cyber Robin Hood, if you will, only that there’s no gracious intention to feed the poor involved. Their modus operandi even involves a double whammy – they slyly steal your precious data before setting their encryption dogs on you. Then they charge twice – once for getting your system back on track and once more to ensure your stolen secrets stay hush-hush.

Akira hackers are no bumbling fools. They select their victims as carefully as a thespian preparing for a role, often opting for a means of infection that relies on compromised credentials. That’s how they sneak their way into their target networks. And to put the cherry on the top, they’re not shy about showing off their victories. Akira operates a leak site where they proudly share the details of their victims. Bound by no borders, they target both Windows and Linux infrastructure globally, though most of their victims are associated with the United States.

While the U.S. is the turf where they most enjoy wreaking havoc, the United Kingdom, Canada, Australia, and New Zealand rank high on their list too. Most likely it is less about the location and more about their preferred type of victim, with their preferred industries being manufacturing, construction, education, finance, legal, and sadly, healthcare.

It’s quite evident that our health sector is under a major threat from Akira. Knowledge is power, and understanding the way this ransomware operates is the key to protecting those crucial services. As the situation unfolds, we’ll keep pricking our ears up for updates. Till then, keep calm and carry on, right lads?
