No one loves cyber hackers. Not even the aspiring hacker who reads HODL FM. If you are seeing this, please aspire for something else. We have already lost too much with a crypto-ransomware group reported to have siphoned $42 million from 250+ business enterprises.
Another Friday at the HODL FM, a publication with only one mission – to bring you the hottest news in the crypto space.
Today we dug into a recent investigation by the U.S Federal Bureau of Investigations that highlights how a Bitcoin ransomware group called Akira has been targeting critical business infrastructure across Australia, Europe, and North America over the previous year. In that span, the group has managed to breach more than 250 enterprises and extracted about $42 million in ransomware proceeds, an alert from a prominent cybersecurity agency noted.
As per earlier investigations by the FBI, this group initially deployed the ransomware to Windows Systems. Later, the bureau discovered the existence of a Linux variant targeting the same entities and infrastructure.
It feels like they don’t want to discriminate on the lines of windows and non-windows folks, and a suitable way to do that is to expand the pie so that no operating system feels left out. And this is what makes us degens angry with cybercriminals, why run the mile to give us an inclusivity we never asked for, why?
To combat any further harm that might emerge from Akira’s attacks or other similar parties, the FBI came together with the European Cybercrime Centre (EC3), the Netherlands’ National Cyber Security Security Centre (NCSC-NL), and the Cybersecurity and Infrastructure Security Agency (CISA) to form a joint advisory, the Cybersecurity Advisory (CSA).
The advisory went down on the issue to uncover what exactly was happening and found out that Akira accesses software using pre-installed VPNs that haven’t been personalized for multifactor authentication. This enables the ransomware to extract sensitive personal information and credentials that can help it lock up the system, and display contact information. As such, the group does not leave behind a demand for ransom or any payment details but instead requires the victim to contact them. When contacted, the victims are asked to pay in Bitcoin if they want the group to restore their systems.
As the advisory investigates more convenient methods to prevent further attacks, it has cautioned individuals and businesses to use various mitigation techniques. These include filtering network traffic, implementing system-wide encryption, disabling idle ports, and crafting a recovery plan. Enterprises must also continually test their security features at scale to make sure everything is at peak perfomance against some of the advisory’s specified attacks.
Testing security features at scale is like putting your defenses through an intense workout regimen, you are not looking for 6-packs but biceps too. So you gotta lift the weights, do the push-ups, and finish the crunches. Cyber security is a never-ending game of improvements and always staying on guard. Your ordinary hacker might be the guy with a hoodie living across the block, but also it might be a sophisticated team of IT specialists and robots that won’t stop until they take down the whole system.
Previously, member organizations of the advisory have issued individual statements warning against malware targeting crypto exchanges and wallets. For example, one report from the National Cyber Security Centre indicated directories consisting of data extractions from Coinbase, Binance, and Trust Wallet.