Ransomware is ever-changing, and this is never more evident than when a ransomware group changes their tactics to access networks.
We have recently seen a change in attacks from the ransomware group Akira, flagging it as an even more pressing issue for businesses across the globe.
What is Akira Ransomware?
Akira is a prominent malware group that has predominantly targeted US and Canadian businesses.
They aim to steal data and information from companies which they hold ransom. Like many other ransomware groups, they threaten to release the data if the ransom isn’t paid by their deadline.
What is the Shift in Their Operations?
Previously, Akira was known to infiltrate systems and networks through Cisco ASA firewalls.
However, recently, we have noticed that they are changing entrance tactics and now target SonicWall SSLVPNs.
This means that accounts with weak passwords and that haven’t got multi-factor authentication (MFA) set up are easy targets.
What Does This Mean?
This shift in operation for such a large and notable ransomware group simply highlights the need for strong and secure passwords and multi-step authentication.
The news suggests that the ransomware group is expanding their targets, making it even more of a concern for businesses across the world.
What Can You Do to Stay Safe?
There are several steps that we recommend you take to protect your network and servers.
- Ensure everyone within your team is using strong and secure passwords.
- Have multi-factor authentication set up on all accounts.
- Conduct frequent audits of all VPN users and groups and remove unidentified and inactive users.
- Where possible, enable external audit logging to cover extended periods of audibility, as standard events will typically only cover 24 hours of activity.
- Keep the SonicWall appliance updated with the latest patches and regularly review SonicWall releases for further patches.
Need Help?
We are on hand to help you ensure everything is in place to keep your network secure and as safe as possible from Akira and other ransomware groups.
Our team are experts in this industry and will be able to offer advice and guidance on how you can make sure your networks are safe.
If you suspect you are under attack from Akira or another ransomware group, don’t hesitate to get in touch with our ransomware recovery team.
As we have teams across the country, we can get on-site as soon as possible, enabling a quick reaction.
Our on-site Digital Forensics & Incident Response Team will get an understanding of the situation before examining and analysing the breach and working towards containing the attack and recovering your network.
Call us now on 01202 308818 or complete our online contact form, and we will give you a callback.