Federal cybersecurity and law enforcement agencies issued updated guidance Thursday warning organizations about evolving tactics used by the Akira ransomware group after it recently claimed over $244 million in ransoms.  

The Cybersecurity and Infrastructure Security Agency (CISA), Department of Defense Cyber Crime Center, Department of Health and Human Services, FBI, and international partners provided updated indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) for organizations to identify and secure against Akira ransomware activity.  

Akira was first identified in 2023 and has primarily targeted small and medium-sized businesses. It has also targeted larger organizations in a large swath of sectors, including the manufacturing, education, IT, healthcare, financial, food, and agriculture industries, agencies said.  

Akira has been associated with several other cyber groups, including Storm-1567, Howling Scorpius, Punk Spider, and Gold Sahara. It may also be related to the Conti ransomware group, which ceased operations in 2022.  

IOCs tied to Akira were seen as recently as this month, FBI Cyber Division Assistant Director Brett Leatherman said during a media briefing, though he said that those indicators have not yet been directly attributed to Akira.  

Leatherman also explained that as of late September, Akira has claimed over $244 million in ransoms over the last year. 

“We know that they are actively looking at the vulnerabilities disclosed in [the guidance] in order to monetize their activity,” Leatherman said, adding that Akira’s ransomware ranks among the top five ransomware methods the FBI tracks. 

CISA and the FBI recommended that organizations regularly back up data, use multifactor authentication, and prioritize addressing known exploited vulnerabilities while taking into account the updated guidance.  

“The threat of ransomware from groups like Akira is real and organizations need to take it seriously, with swift implementation of mitigation measures,” said Nick Andersen, executive assistant director for CISA’s Cybersecurity Division. “We urge every organization, large or small, to follow the guidance released today and take steps now to protect their organizations against ransomware threats.” 

Weslan Hansen
Weslan Hansen is a MeriTalk Staff Reporter covering the intersection of government and technology.