Akira Ransomware Targeting VPNs without Multi-Factor Authentication

Overview :

In March 2023, the US and Canada were attacked with a new family of ransomware called Akira. It’s not like the Akira ransomware that Microsoft Defender Antivirus flagged in 2017. Several organizations in the US were targeted and their sensitive data was exposed by the ransomware.

Akira Ransomware first made its appearance in the cyber threat landscape in March 2023. The threat actors behind Akira employ various extortion strategies, operating a website on the TOR network (with a .onion domain). This site lists victims and any stolen information, especially if the ransom demands aren’t met. Victims are directed to this TOR-based site, using a unique identifier found in the ransom message they receive, to initiate negotiations.

Threat actors started targeting Cisco VPNs that weren’t configured for multi-factor authentication in 2023. By using this tactic, they could infiltrate organizations more easily. Cisco is aware of reports that Akira ransomware threat actors have been targeting Cisco VPNs that are not configured for multi-factor authentication to infiltrate organizations, and have observed instances where threat actors appear to be targeting organizations that do not configure multi-factor authentication for their VPN users.

This highlights the importance of enabling multi-factor authentication (MFA) in VPN implementations. By implementing MFA, organizations can significantly reduce the risk of unauthorized access, including a potential ransomware infection. If a threat actor successfully gains unauthorized access to a user’s VPN credentials, such as through brute force attacks, MFA provides an additional layer of protection to prevent the threat actors from gaining access to the VPN.

What you should do :

Configure multi-factor authentication (MFA) for VPN users. By implementing MFA, you’ll be able to reduce the risk of unauthorized access, including ransomware infections. In the event that a threat actor gets unauthorized access to VPN credentials, MFA provides an extra layer of protection.

References :

Vendor Sources

Akira Ransomware Targeting VPNs without Multi-Factor Authentication – Cisco Blogs

Third Party Sources

The Akira Ransomware Saga: Origins, Tactics, and Countermeasures | by Sai Prashanth Pulisetti | The Gray Area

Akira Ransomware Targeting VPNs without Multi-Factor Authentication

Overview :

What you should do :

References :

Latest Articles

CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability

US LBM remodels its cybersecurity approach by centralizing IT with Microsoft Security solutions

U.S. Government Releases New AI Security Guidelines for Critical Infrastructure

State-backed hackers exploit 2 Cisco vulnerabilities for espionage

Akira Ransomware Targeting VPNs without Multi-Factor Authentication

Overview :

What you should do :

References :

Latest Articles

CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability

US LBM remodels its cybersecurity approach by centralizing IT with Microsoft Security solutions

U.S. Government Releases New AI Security Guidelines for Critical Infrastructure

State-backed hackers exploit 2 Cisco vulnerabilities for espionage

Overview :

What you should do :

References :