Advisoryseverity: High2024-04-18
FBI, CISA, Europol, NCSC-NL issue joint #StopRansomware advisory on Akira
published by CISA
Actor
Ransomware-as-a-service operation active since March 2023, characterized by an unusually retro 1980s-terminal-styled leak site. CISA estimated $42M+ in extracted ransoms across 250+ organizations wit…
Summary
FBI, CISA, the Europol European Cybercrime Centre, and the Netherlands' National Cyber Security Centre published the first joint #StopRansomware advisory on Akira (AA24-109A), detailing initial-access TTPs against Cisco VPN appliances without MFA (CVE-2020-3259, CVE-2023-20269), Megazord and Akira_v2 tradecraft, and a multi-page IOC table covering encryptor hashes and supporting tooling.
Tags
advisorystopransomwarecisco-vpn