Finland warns of Akira ransomware wiping NAS and tape backup devices

The Finish National Cybersecurity Center is informing of increased Akira ransomware activity in December, targeting companies in the country and wiping backups.
The agency says that the threat actor's attacks accounted for six out of the seven cases of ransomware incidents reported last month.
Wiping the backups amplifies the damage of the attack and allows the threat actor to put more pressure on the victim as they eliminate the option of restoring the data without paying a ransom.
Smaller organizations often use network-attached storage devices for this purpose, but the Finnish agency highlights that these systems were not spared in Akira ransomware attacks.
The attackers also targeted tape backup devices, which are typically used as a secondary system for storing digital copies of the data.
The NCSC-FI suggests that organizations switch to using offline backups instead, spreading the copies across various locations to protect them from unauthorized physical access.
The vulnerability allows unauthorized attackers to carry out brute force attacks and find the credentials of existing users, where there is no login protection such as multi-factor authentication.
CVE-2023-20269 was acknowledged by Cisco as a zero-day in September 2023 and fixes were released the following month.
Security researchers reported since early August 2023 that Akira ransomware had been leveraging it for access.
The observed post-compromise activity includes mapping the network, targeting backups and critical servers, stealing usernames and passwords from Windows servers, encrypting important files, and encrypting disks of virtual machines on virtualization servers, particularly those using VMware products.
To avoid attacks that exploit this vulnerability, organizations are strongly recommended to upgrade to Cisco ASA 9.16.2.11 or later and Cisco FTD 6.6.7 or later.
Nissan Australia cyberattack claimed by Akira ransomware gang.
Cisco says critical Unity Connection bug lets attackers get root.
Fidelity National Financial: Hackers stole data of 1.3 million people.
Ransomware victims targeted by fake hack-back offers.
Hackers target Microsoft SQL servers in Mimic ransomware attacks.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 11 Jan 2024 15:05:28 +0000

Cyber News related to Finland warns of Akira ransomware wiping NAS and tape backup devices

Finland warns of Akira ransomware wiping NAS and tape backup devices - The Finish National Cybersecurity Center is informing of increased Akira ransomware activity in December, targeting companies in the country and wiping backups. The agency says that the threat actor's attacks accounted for six out of the seven cases ...
9 months ago Bleepingcomputer.com

Tietoevry ransomware attack causes outages for Swedish firms, cities - Finnish IT services and enterprise cloud hosting provider Tietoevry has suffered a ransomware attack impacting cloud hosting customers in one of its data centers in Sweden, with the attack reportedly conducted by the Akira ransomware gang. Tietoevry ...
9 months ago Bleepingcomputer.com

Targeting homeowners' data - As these companies obtain a large amount of sensitive information from their customers, they become attractive targets for ransomware gangs to conduct double-extortion attacks. Finland is also warning of Akira ransomware increasingly targeting ...
9 months ago Bleepingcomputer.com

Ransomware wiping out data on tape backups and malware hitting MYSQL Servers - Finland's National Cyber Security Centre has issued a warning concerning a new wave of cyber threats, with hackers now deploying ransomware on Network Attached Storage appliances and tape storage media, aiming to obliterate stored information. The ...
9 months ago Cybersecurity-insiders.com

QNAP takes down server behind widespread brute-force attacks - QNAP took down a malicious server used in widespread brute-force attacks targeting Internet-exposed NAS devices with weak passwords. The Taiwanese hardware vendor detected the attacks on the evening of October 14 and, with assistance from Digital ...
11 months ago Bleepingcomputer.com

The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
9 months ago Securityboulevard.com

US energy firm shares how Akira ransomware hacked its systems - In a rare display of transparency, US energy services firm BHI Energy details how the Akira ransomware operation breached their networks and stole the data during the attack. BHI Energy, part of Westinghouse Electric Company, is a specialty ...
11 months ago Bleepingcomputer.com

Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
1 year ago Heimdalsecurity.com

The Week in Ransomware - Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. On Tuesday, the Australian, US, and UK governments announced sanctions against Aleksandr Gennadievich ...
9 months ago Bleepingcomputer.com

LockBit takedown surges Akira Ransomware Attacks - Following the takedown of the LockBit Ransomware group's website in 'Operation Cronos' by law enforcement agencies, there has been a notable surge in the activity of the Akira Ransomware group in recent weeks. This rise has been particularly ...
7 months ago Cybersecurity-insiders.com

The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
10 months ago Bleepingcomputer.com

Ransomware victims targeted by fake hack-back offers - Some organizations victimized by the Royal and Akira ransomware gangs have been targeted by a threat actor posing as a security researcher who promised to hack back the original attacker and delete stolen victim data. Both Royal and Akira ransomware ...
9 months ago Bleepingcomputer.com

Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
9 months ago Unit42.paloaltonetworks.com

Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
10 months ago Feeds.fortinet.com

Business Data Backup and Recovery Planning - Data backup and recovery planning is essential in today's interconnected and data-driven business landscape. By understanding the significance of data backup and recovery planning, businesses can effectively protect their critical information and ...
8 months ago Securityzap.com

Over 29,000 QNAP devices vulnerable to code injection attacks - Tens of thousands of QNAP network-attached storage devices are waiting to be patched against a critical security flaw addressed by the Taiwanese company on Monday. Remote threat actors can exploit this SQL injection vulnerability to inject malicious ...
1 year ago Bleepingcomputer.com

Zyxel warns of multiple critical vulnerabilities in NAS devices - Zyxel has addressed multiple security issues, including three critical ones that could allow an unauthenticated attacker to execute operating system commands on vulnerable network-attached storage devices. Zyxel NAS systems are used for storing data ...
11 months ago Bleepingcomputer.com

Nissan Australia cyberattack claimed by Akira ransomware gang - Today, the Akira ransomware gang claimed that it breached the network of Nissan Australia, the Australian division of Japanese car maker Nissan. In a new entry added to the operation's date leak blog on December 22, Akira says that its operators ...
10 months ago Bleepingcomputer.com

Akira ransomware gang says it stole passport scans from Lush The Register - Passport scans are routinely collected to verify identities during the course of the hiring process, which suggests Akira's affiliate likely had access to a system containing staff-related data. Company documents relating to accounting, finances, ...
9 months ago Go.theregister.com

Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
10 months ago Helpnetsecurity.com

Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
7 months ago Feeds.fortinet.com

Declining Ransomware Payments: Shift in Hacker Tactics? - Several cybersecurity advisories and agencies recommend not caving into ransomware gangs' demands and paying their ransoms. It seems the tide is turning, with a decline in ransomware payments; this article explores the trend and what it might mean ...
8 months ago Securityboulevard.com

Ransomware in 2023 recap: 5 key takeaways - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. While some ransomware trends hardly changed over the last year, such as LockBit's continued dominance, ransomware criminals also challenged ...
8 months ago Malwarebytes.com

Akira Ransomware Attacks Surge. Finnish Companies Among Targets - The National Cyber Security Centre Finland announced a surge in Akira ransomware attacks. Threat actors used Akira malware in six out of the seven ransomware attacks reported in December 2023. The attackers used VPNs that lacked multi-factor ...
9 months ago Heimdalsecurity.com

Latest Cyber News

CVE-2024-43434 - 13 hours ago
CVE-2024-43436 - 13 hours ago
CVE-2024-43438 - 13 hours ago
CVE-2024-43440 - 13 hours ago
CVE-2024-43425 - 13 hours ago
CVE-2024-43426 - 13 hours ago
CVE-2024-43428 - 13 hours ago
CVE-2024-43431 - 13 hours ago
CVE-2024-8442 - 14 hours ago
CVE-2024-24914 - 15 hours ago
CVE-2024-10526 - 16 hours ago
CVE-2024-50169 - 17 hours ago
CVE-2024-50170 - 17 hours ago
CVE-2024-50171 - 17 hours ago
CVE-2024-50172 - 17 hours ago
CVE-2024-51504 - 17 hours ago
CVE-2024-50155 - 17 hours ago
CVE-2024-50156 - 17 hours ago
CVE-2024-50157 - 17 hours ago
CVE-2024-50158 - 17 hours ago

Cyber Trends (last 7 days)

Okta - 11 months ago
23andMe - 11 months ago
Kimsuky - 11 months ago
LogoFAIL - 11 months ago
Gh0st rat - 11 months ago

Trending Cyber News (last 7 days)

CVE-2024-10081 - 1 day ago
CVE-2024-10082 - 1 day ago
CVE-2024-10916 - 1 day ago
CVE-2024-35146 - 1 day ago
CVE-2024-6861 - 1 day ago
CVE-2024-10919 - 1 day ago
CVE-2024-10920 - 1 day ago
CVE-2024-10318 - 1 day ago
CVE-2024-20371 - 1 day ago
CVE-2024-20418 - 1 day ago
CVE-2024-20445 - 1 day ago
CVE-2024-20457 - 1 day ago
CVE-2024-20476 - 1 day ago
CVE-2024-20484 - 1 day ago
CVE-2024-20487 - 1 day ago
CVE-2024-20504 - 1 day ago
CVE-2024-20507 - 1 day ago
CVE-2024-20511 - 1 day ago
CVE-2024-20514 - 1 day ago
CVE-2024-20525 - 1 day ago