Ransomware Group
Akira
Also known as: Akira Ransomware
Status: active • First seen 2023-03 • 250+ known victims
Akira is a fast-growing ransomware group that especially targets small and medium businesses, exactly the companies that often can't afford expensive security tools. They break in through VPN vulnerabilities and stolen credentials, steal data, encrypt files, and demand payment for both.
Overview
Akira is a newer ransomware operation that emerged in 2023 and has quickly become one of the most active groups. They target small and medium businesses with double extortion and have been particularly focused on the healthcare and education sectors.
Target Industries
Healthcare, Education, Manufacturing, Professional Services, Technology, Finance
How They Attack
- Exploiting Cisco VPN vulnerabilities
- Compromised valid VPN credentials
- RDP exploitation
- Using legitimate tools for lateral movement
- PowerShell-based deployment
Notable Victims
Stanford University, Multiple healthcare providers, Various school districts, Law firms, Financial services companies
How to Protect Against Akira
1. Patch Cisco VPN and ASA products immediately
2. Enable MFA on all VPN access
3. Audit VPN user accounts and remove unnecessary access
4. Monitor for suspicious PowerShell execution
5. Maintain tested offline backups
6. Implement network segmentation