Skip to content

Akira Ransomware Mutates to Target Linux Systems, Adds TTPs

Posted by:
< 1 min read

September 22, 2023 – Published on Dark Reading

Arika ransomware has continued to evolve since emerging as a threat in March, expanding its reach from initially targeting Windows systems to include Linux servers and employing a growing array of tactics, techniques, and procedures (TTPs).

The infection chain actively targets Cisco ASA VPNs lacking multifactor authentication to exploit the CVE-2023-20269 vulnerability as an entry point.

As of early September, the group had successfully hit 110 victims, focusing on targets in the US and the UK.

According to a recent GuidePoint Security’s GRIT report, educational organizations have been disproportionately targeted by Akira, representing eight of its 36 observed victims.

The ransomware campaign involves multiple malware samples that carry out various steps, including shadow copy deletion, file search, enumeration, and encryption, when executed.

Read More HERE.

Categories: Incident Response & Threat Intelligence News
Tags:GRITransomware

GuidePoint Security

GRIT Ransomware Report-2024-Q2
Following an increased pace of observed ransomware operations in Q1 2024, Q2 saw a continued increase in reported victims relative to Q1 2024. This increase was paired with an increase in distinct active ransomware groups between Q1 and Q2, continuing the trend of diffusion of victims between a greater number of seemingly distinct groups.
Download Now

Related Articles

View All

  • GRIT Blog
GRIT Ransomware Report: May 2024
Posted by: Justin Timothy
Published 06/13/24, 08:45am
Read More 18 min read
  • GRIT Blog
Worldwide Web: An Analysis of Tactics and Techniques Attributed to Scattered Spider
Posted by: Jason Baker
Published 06/12/24, 05:45am
Read More 11 min read
  • Blog
The Art of Self-Defense: Security Validation Through Attack Simulation
Posted by: Conor Murphy
Read More 5 min read