In light of the Akira ransomware in Singapore, the police have advised businesses against paying ransom in case of a compromise and asked them to report the incident immediately.
The Akira ransomware variant is on the rise, prompting Singaporean authorities to issue a joint advisory to local enterprises.
Akira, the ransomware that inflicted $42 million in losses on more than 250 organizations in North America, Europe, and Australia within a year, is currently focusing on businesses in Singapore.
After receiving numerous complaints from victims of the cyberattack, the Cyber Security Agency of Singapore (CSA), the Singapore Police Force (SPF), and the Personal Data Protection Commission (PDPC) have issued an alert.
The primary targets of the Akira ransomware, according to prior investigations by the United States Federal Bureau of Investigation (FBI), are enterprises and critical infrastructure entities.
Singaporean authorities provided strategies for detecting, preventing, and neutralizing Akira attacks. It is recommended that businesses that have been compromised refrain from paying the assailants’ ransom.
Do not pay ransom
To regain control of their internal data and computer systems, Akira members request payments in cryptocurrencies, such as Bitcoin. Nevertheless, Singaporean authorities have asked businesses to refrain from processing payments.
“If your organization’s systems have been compromised with ransomware, we do not recommend paying the ransom and advise you to report the incident immediately to the authorities. Paying the ransom does not guarantee that the data will be decrypted or that threat actors will not publish your data.”
Furthermore, malicious entities may attempt to launch a follow-up attack to extort a further ransom. The FBI found that Akira does not initiate communication with its victims and instead expects them to make contact.
The recommended threat mitigation strategies are implementing a recovery plan and multifactor authentication (MFA), restricting network traffic, disabling unused ports and hyperlinks, and implementing system-wide encryption.
Kaspersky, a cybersecurity firm, recently discovered that North Korean hackers employed Durian malware to target South Korean crypto businesses.
“Durian has a comprehensive backdoor functionality that allows for the execution of commands, the downloading of additional files, and the exfiltration of files,” Kaspersky explained.
Furthermore, Kaspersky observed that Andariel, a sub-group within the Lazarus Group, also employed LazyLoad. This overlap implies a “tenuous” connection between Kimsuky and the more notorious North Korean hacking group.