RANSOMWARE GANG AKIRA – $42 MILLION TURNOVER

DailyPost 2764

Gone are the days of mafias, arms dealers and drug peddlers catching the imagination of the people and taking up huge amounts of media space. The Cyber Age has transformed the crime scenario, and the current claimants to the coveted throne are a bunch of ransomware gangs with the capability to hold the world hostage at will. What scares them is not the technical superiority of states or huge IT behemoths, but the long arm of the law. Their own technical superiority has long been established. The way these gangs are raking in money makes ransomware the dream crime.

Ransomware group Akira has been able to “extort approximately $42 million as illicit proceeds after breaching the networks of more than 250 victims as of January 2024.” Critical infrastructure entities have been their favoured targets, but they have hacked a wide range of businesses as well. The geography covered is primarily North America, Europe and Australia. A joint alert has been issued by agencies in the Netherlands and the US together with Europol’s European Cybercrime Centre. The initial focus of this gang was on Windows systems, but these threat actors have now deployed a Linux variant targeting VMware ESXi virtual machines.

Double-extortion groups, as they are called, exfiltrate a victim’s sensitive data in addition to encrypting it. This gives the criminal an additional avenue for extortion. Akira used a C++ variant of the locker in its early days; somewhere around August 2023, they shifted to Rust-based code. The way these gangs change their tools is breath-taking. The e-crime actor of today is completely different from the Akira ransomware family that was active in 2017. How do they achieve initial access? This is facilitated by exploiting known flaws in Cisco appliances.

For a reputed ransomware gang, alternative proven routes need to be created, practised and perfected. The alternative vectors involve the use of RDP, spear-phishing, valid credentials, and VPN services which lack multi-factor authentication protections. The main task in achieving the end game is to establish persistence by various means. They do it by creating a new domain account on the compromised system. Detection is evaded by abusing the Zemana AntiMalware driver to terminate antivirus-related processes. Given the growth and maturity achieved and the dedicated research that is done consistently, each of these gangs is a technical behemoth of cybercrime in its own right.
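As an added illustration from the defender's side (not part of the original post), the following Python detector looks for the two Akira behaviours just described in a constructed set of Windows-style events: a new account being created (event ID 4720) followed shortly on the same host by a kernel driver being installed as a service from an unusual location (event ID 7045), the pattern a bring-your-own-vulnerable-driver attack on antivirus processes leaves behind. Hosts, account names, timestamps and the driver file name are all constructed placeholders; only the two event IDs are real.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry); the .sys file name is a placeholder.
EVENTS = [
    {"ts": "2024-01-10T02:14:05", "host": "DC01", "id": 4720, "subject": "CORP\\jdoe", "target": "CORP\\svc_backup2"},
    {"ts": "2024-01-10T02:16:30", "host": "DC01", "id": 7045, "service": "zamsvc", "image": r"C:\Temp\vulnerable_av_driver.sys"},
    {"ts": "2024-01-10T09:00:00", "host": "WS07", "id": 4720, "subject": "CORP\\hr_admin", "target": "CORP\\newhire01"},
    {"ts": "2024-01-10T09:05:00", "host": "WS07", "id": 7045, "service": "Printer", "image": r"C:\Windows\System32\spoolsv.exe"},
    {"ts": "2024-01-11T23:40:00", "host": "FS02", "id": 7045, "service": "zam", "image": r"C:\Users\Public\vulnerable_av_driver.sys"},
]

WINDOW = timedelta(minutes=30)          # how soon after account creation a driver install is linked
TRUSTED_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\",)

def is_suspicious_driver_install(ev):
    """7045 whose image is a kernel driver (.sys) loaded from outside the drivers directory."""
    if ev["id"] != 7045:
        return False
    image = ev["image"].lower()
    return image.endswith(".sys") and not image.startswith(TRUSTED_DRIVER_DIRS)

def detect(events, window=WINDOW):
    """Return (rule, host, detail) findings: every untrusted driver install, plus every
    new account (4720) followed on the same host by such an install within `window`."""
    findings = []
    by_host = {}
    for ev in sorted(events, key=lambda e: e["ts"]):   # ISO timestamps sort lexically
        by_host.setdefault(ev["host"], []).append(ev)
    for host, evs in by_host.items():
        for i, ev in enumerate(evs):
            if is_suspicious_driver_install(ev):
                findings.append(("untrusted_driver_install", host, ev["image"]))
            if ev["id"] == 4720:
                t0 = datetime.fromisoformat(ev["ts"])
                for later in evs[i + 1:]:
                    if datetime.fromisoformat(later["ts"]) - t0 > window:
                        break                      # events are time-ordered per host
                    if is_suspicious_driver_install(later):
                        findings.append(("new_account_then_driver", host, ev["target"]))
                        break
    return findings

if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(*finding)
```

The ordinary HR account creation on WS07 produces no finding because the service installed afterwards is a normal executable, not a driver; the lone driver install on FS02 is still reported on its own.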

INTERNATIONAL TECH COLLABORATION MAY STEM THE RANSOMWARE MENACE, BUT NOTHING SEEMS TO BE IN SIGHT.
Sanjay Sahay

Have a nice evening.
