Akira Ransomware Adapts to Linux Systems, Incorporates New Tactics and TTPs

 

Akira ransomware, which initially targeted Windows systems, has evolved significantly since its emergence in March. It has now expanded its scope to include Linux servers, employing a diverse set of tactics, techniques, and procedures (TTPs).
A comprehensive report by LogPoint delves into the highly sophisticated nature of Akira ransomware. This malware encrypts victim files, erases shadow copies, and demands a ransom for data recovery. The attack chain actively exploits the CVE-2023-20269 vulnerability, focusing on Cisco ASA VPNs lacking multifactor authentication as an entry point.
As of early September, the group had successfully targeted 110 victims, with a particular emphasis on the US and the UK. A notable recent victim was the British quality-assurance company Intertek. The group also set its sights on manufacturing, professional services, and automotive organizations.
According to a recent report from GuidePoint Security’s GRI, educational institutions have borne a disproportionate brunt of Akira’s attacks, accounting for eight out of its 36 observed victims.
The ransomware campaign involves multiple strains of malware that, when executed, carry out distinct steps, including shadow copy deletion, file search, enumeration, and encryption.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
