FBI: Akira ransomware raked in $42 million from 250+ victims

According to a joint advisory from the FBI, CISA, Europol's European Cybercrime Centre (EC3), and the Netherlands' National Cyber Security Centre (NCSC-NL), the Akira ransomware operation has breached the networks of over 250 organizations and raked in roughly $42 million in ransom payments.

Akira emerged in March 2023 and quickly gained notoriety after targeting victims across various industry verticals worldwide.

By June 2023, the group's ransomware developers had created and deployed a Linux encryptor to target VMware ESXi virtual machines widely used in enterprise organizations.

According to negotiation chats obtained by BleepingComputer, Akira operators are demanding ransoms ranging from $200,000 to millions of dollars, depending on the size of the compromised organization.

"As of January 1, 2024, the ransomware group has impacted over 250 organizations and claimed approximately $42 million (USD) in ransomware proceeds," the joint advisory warns.

"Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia."

Most recently, Akira has claimed ransomware attacks on Nissan Oceania, which warned in March of a data breach impacting 100,000 people, and Stanford University, which last month also revealed a breach affecting the personal information of 27,000 individuals.

Since it surfaced last year, the ransomware group has added over 230 organizations to its dark web leak website.

Today's advisory also offers guidance on reducing the impact and risks linked to this ransomware gang's attacks.

Network defenders are strongly advised to prioritize patching vulnerabilities that have already been exploited and enforce multifactor authentication (MFA) with strong passwords across all services, especially for webmail, VPN, and accounts linked to critical systems.

Additionally, they should regularly update and patch software to the latest versions and focus on vulnerability assessments as integral components of their standard security protocols.

The four agencies also provide Akira indicators of compromise (IOCs) and information on tactics, techniques, and procedures (TTPs) identified during FBI investigations as recently as February 2024.

"The FBI, CISA, EC3, and NCSC-NL encourage organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of ransomware incidents," they urged on Thursday.