Key takeaways:
- Akira, the ransomware that stole $42 million from more than 250 organizations in North America, Europe, and Australia in just a single year, is currently focusing on firms in Singapore.
- The Singaporean government provided information on recognizing, stopping, and neutralizing Akira attacks.
Akira, the ransomware that in just a single year pilfered $42 million from more than 250 organizations in North America, Europe, and Australia, is currently focusing on firms in Singapore.
Local companies were notified by a joint advisory from Singaporean authorities about the growing threat posed by a variation of the Akira ransomware.
The warning was issued after cyberattack victims filed many complaints with various organizations, including the Singapore Police Force, the Personal Data Protection Commission, and the Cyber Security Agency of Singapore.
The Akira ransomware has been known to target vital infrastructure organizations and other organizations, according to earlier US Federal Bureau of Investigation investigations.
The Singaporean government provided information on recognizing, stopping, and neutralizing Akira attacks. Businesses that have been compromised are urged not to pay the attackers a ransom.
Members of Akira demand payments in cryptocurrency such as Bitcoin before victims can regain control over their internal data and computer systems. Authorities in Singapore, however, have requested that companies refrain from paying:
“Paying the ransom does not guarantee that the data will be decrypted or that threat actors will not publish your data.”
Malicious actors might even try to launch another attack in an effort to obtain additional money. Akira never gets in touch with the victims; the FBI discovered that the group waits for them to do so.
Putting in place a recovery plan, using multifactor authentication, filtering network traffic, blocking unused ports and URLs, and encrypting the entire system are some suggested threat mitigation strategies.
Kaspersky, a cybersecurity company, recently discovered that North Korean hackers were using the Durian malware to target cryptocurrency companies in South Korea. Kaspersky clarified:
“Durian boasts comprehensive backdoor functionality, enabling the execution of delivered commands, additional file downloads, and exfiltration of files.”
Furthermore, according to Kaspersky, Andariel, a division of the North Korean hacker collective Lazarus, also utilized LazyLoad. This suggests a “tenuous” relationship between Kimsuky and the more well-known hacker outfit.
After losing more than $22 million due to a possible breach, Lykke, a cryptocurrency exchange based in the UK, has suspended trading. On-chain researchers first reported the incident on X (previously Twitter). Taylor Monahan, a developer at MetaMask and an authority on crypto defense, claims that suspicious outflows of 2,161 ETH and 158 BTC were caused by the hack.