Akira Ransomware: Backup Targeting

Summary

The Akira ransomware group is escalating its attacks, targeting backup systems to cripple recovery efforts. Finnish authorities warn of increased activity and data exfiltration. Businesses must prioritize robust security measures and backup strategies to mitigate this growing threat.


Main Story

Akira Ransomware: They’re Coming for Your Backups

Since March 2023, the Akira ransomware group has been a thorn in the side of cybersecurity professionals, and honestly, it’s only getting worse. At first, they were just targeting Windows systems, but like any good villain, they’ve expanded their horizons. By June 2023, Linux servers were on the hit list too. Now? According to recent reports from Finland’s NCSC-FI, Akira’s gone after something even more vital: our backups. Network-attached storage (NAS), tape backups – nothing’s safe. And that means we all have to re-evaluate our defenses.

Why target backups? It’s simple, really: Akira wants to eliminate your safety net, maximizing their leverage. Without a way to recover, you’re far more likely to pay up. This is a game of high stakes, and we need to be ready to play.

Akira’s Modus Operandi

Akira uses a Ransomware-as-a-Service (RaaS) model, so think of it as franchising ransomware. Basically, they provide the malware, and affiliates use it to attack organizations, splitting the ransom profits. This RaaS model has allowed them to spread their reach, impacting businesses, construction, critical infrastructure, education, manufacturing, retail, and technology sectors. They’re not picky, but they seem to enjoy targeting larger enterprises, and frequently demand ransoms in the hundreds of millions of dollars.

Typical attacks involve exfiltrating your data, encrypting everything, and then demanding a ransom, with the threat of leaking your dirty laundry if you don’t pay up. And there’s a suspicion that Akira has ties to the now-defunct Conti ransomware group – so some old dogs may have learned new tricks, which makes them especially dangerous and adaptive.

The Critical Importance of Backup and Recovery

We used to think backups were a rock-solid last line of defense, right? A reliable way to restore your systems and data after an attack. But Akira is directly attacking that defense, and that leaves us more vulnerable. By wiping out backups, they take away your ability to recover, leaving you with a tough choice: pay the ransom or kiss your data goodbye. No one wants to face that choice, do they?

Protecting Your Organization: It’s All About Layers

So, how do you protect yourself? Here’s the deal. You need to rethink your backup and recovery strategies. Period. You can’t take a set-and-forget attitude. It is not something you can sleepwalk through. We need to be proactive. Here are a few steps you can take:

  • Multi-Factor Authentication (MFA): Seriously, if you’re not using MFA on everything, especially VPNs and accounts with access to critical systems, you’re playing with fire. Implement MFA ASAP. It’s one of the simplest, yet most effective steps you can take to secure an organization.
  • Regular Patching: Keep your software updated. Vulnerability assessments are also essential. Why leave the door open for attackers?
  • Offline Backups: Disconnect your backups from the network. It’s a pain, yes, but it stops ransomware from spreading laterally and wiping them out. The air gap is still the king.
  • Offsite Backups: Store backups in a different location. What happens if there’s a fire or some other disaster at your primary location?
  • Immutable Backups: Use storage tech that prevents modifications or deletions of your backups. Because if the attackers can’t change them, they can’t destroy them.
  • Regular Testing: Don’t just assume your backups work. Test your recovery procedures regularly. It’s better to find out now that something is broken than during a live incident. This could be the most vital one of all. It’s like that old saying: measure twice, cut once.

The evolving threat landscape of Akira serves as a stark reminder to be vigilant and proactive. By investing in security measures, as well as a sound backup and recovery strategy, organizations can significantly strengthen their defenses. While it’s not a guarantee of safety, it puts you in a much better position to weather the storm. And really, isn’t that the goal? This information reflects the current understanding as of March 1st, 2025, so stay alert, because the landscape is constantly changing.

2 Comments

  1. Akira targeting backups, eh? So, are we talking Fort Knox-level security for our *backups* now? Maybe we should just start writing everything down on stone tablets again… anyone know a good chisel vendor?

    • That’s right! Fort Knox-level security is the name of the game now. The stone tablet idea has merit, especially the immutable part. The real challenge would be version control! Anyone have experience with ancient data management?

      Editor: StorageTech.News
