Akira, a ransomware hacker group that extorted $42 million from over 250 organizations across North America, Europe, and Australia within a year, is now actively targeting businesses in Singapore, according to a joint advisory issued by Singaporean authorities.
The Cyber Security Agency of Singapore (CSA), the Singapore Police Force, and the Personal Data Protection Commission have recently received several complaints from victims of the cyberattack. In a Twitter post, the CSA said of the joint advisory:
“It highlights the observed Tactics, Techniques and Procedures (TTPs) employed by the Akira threat group to compromise their victims’ networks and provides some recommended measures for organisations to mitigate the threat posed.”
Investigations conducted by the United States Federal Bureau of Investigation (FBI) have found that Akira ransomware primarily targets businesses and critical infrastructure entities. The Singaporean authorities have provided guidance on how to detect, deter, and neutralize Akira attacks, and have advised businesses that have been compromised to refrain from paying ransom to the attackers.
Akira members demand payments in cryptocurrencies such as Bitcoin (BTC) to return control of their victims’ computer systems and internal data. However, Singapore authorities have advised businesses not to make these payments, stating:
“If your organization’s systems have been compromised with ransomware, we do not recommend paying the ransom and advise you to report the incident immediately to the authorities. Paying the ransom does not guarantee that the data will be decrypted or that threat actors will not publish your data.”
The authorities warn that paying the ransom may lead to further attacks, as malicious entities may attempt to extort more money. The FBI has also found that Akira never contacts its victims and expects them to reach out first.
Recommended threat mitigation techniques
To protect against ransomware attacks like Akira, the authorities recommend implementing a recovery plan and multifactor authentication. They also suggest filtering network traffic, disabling unused ports and hyperlinks, and employing system-wide encryption.