Akira Ransomware Targets Backup Devices

In December 2023, Finland’s National Cybersecurity Center (NCSC-FI) observed a significant uptick in Akira ransomware activity, with six out of seven reported ransomware incidents attributed to this threat actor. (bleepingcomputer.com)

Akira ransomware, which emerged in March 2023, has been particularly aggressive in its recent campaigns, not only encrypting data but also targeting and wiping backups stored on network-attached storage (NAS) and tape backup devices. This strategy amplifies the impact of the attack, leaving organizations with limited options for data recovery without paying the ransom. (bleepingcomputer.com)

The attackers gained initial access through CVE-2023-20269, a flaw in the remote-access VPN feature of Cisco ASA and FTD firewalls. The vulnerability let them run brute-force attacks against the VPN login, turning up valid username and password pairs on accounts that were not protected by multi-factor authentication (MFA). Once inside, the attackers destroyed backups, including those on NAS and tape devices, in nearly all known cases. (bleepingcomputer.com)
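The brute-force stage described above leaves a distinctive trail in the firewall's syslog: a burst of authentication rejections from one source address, spread across many usernames, followed by a successful VPN session from that same address. The script below, an added example written for this article rather than code from NCSC-FI, BleepingComputer or Cisco, shows a minimal detector for that pattern. The Cisco ASA message layouts for 113005 (AAA authentication rejected) and 113039 (AnyConnect session started) follow Cisco's documented formats but should be verified against your own firewall version; the thresholds, hostnames, addresses and log lines are all constructed for the demonstration.

```python
"""Detect VPN credential brute-forcing, and a login that follows it, in Cisco ASA syslog.

Added example for this article; assumptions are marked in comments.  Message field
layouts for ASA IDs 113005 and 113039 are taken from Cisco's documentation and
may need adjusting for your ASA version.  Thresholds are arbitrary starting points.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# "Mon DD YYYY HH:MM:SS host %ASA-L-NNNNNN: text" (timestamp format assumed)
TS_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}) \S+ (?P<msg>%ASA-\d-\d{6}: .*)$")
# 113005: AAA user authentication Rejected (carries the peer address as "user IP")
REJECT_RE = re.compile(
    r"%ASA-6-113005: AAA user authentication Rejected : reason = (?P<reason>.+?) : "
    r"server = (?P<server>\S+) : user = (?P<user>\S+) : user IP = (?P<ip>\S+)")
# 113039: a remote-access VPN session was actually established
SESSION_RE = re.compile(
    r"%ASA-6-113039: Group (?P<group>\S+) User (?P<user>\S+) IP (?P<ip>\S+) "
    r"AnyConnect parent session started")


def parse_line(line):
    """Return (timestamp, kind, user, source_ip) for the two message types we care about."""
    m = TS_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %Y %H:%M:%S")
    msg = m.group("msg")
    r = REJECT_RE.search(msg)
    if r:
        return ts, "reject", r.group("user"), r.group("ip")
    s = SESSION_RE.search(msg)
    if s:
        return ts, "session", s.group("user"), s.group("ip")
    return None  # connection-table and other messages are ignored


def detect_bruteforce(lines, window=timedelta(minutes=10), max_failures=20, max_users=5):
    """Per source IP, keep a sliding window of rejections.  Alert once when the window
    holds too many failures or too many distinct usernames (password spraying), and
    alert again if that IP then opens a VPN session shortly afterwards, which is the
    'guessed credential on an account without MFA' case the article describes."""
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e[0])
    by_ip = defaultdict(list)
    for ts, kind, user, ip in events:
        by_ip[ip].append((ts, kind, user))

    alerts = []
    for ip, evs in by_ip.items():
        fails = deque()          # (ts, user) rejections inside the window
        sprayed_at = None        # when this IP first crossed a threshold
        last_reject = None
        for ts, kind, user in evs:
            while fails and ts - fails[0][0] > window:
                fails.popleft()
            if kind == "reject":
                fails.append((ts, user))
                last_reject = ts
                users = {u for _, u in fails}
                if sprayed_at is None and (len(fails) >= max_failures or len(users) >= max_users):
                    sprayed_at = ts
                    alerts.append({"ip": ip, "type": "bruteforce", "at": ts,
                                   "failures": len(fails), "users": sorted(users)})
            elif kind == "session" and sprayed_at is not None and last_reject is not None \
                    and ts - last_reject <= window:
                alerts.append({"ip": ip, "type": "success_after_bruteforce",
                               "at": ts, "user": user})
    return alerts


# Constructed sample log: one spraying source (203.0.113.45) that eventually logs in
# as 'erin', one user who mistyped a password once, and an unrelated connection message.
SAMPLE_LOG = "\n".join(
    [f"Dec 12 2023 03:14:0{i} fw01 %ASA-6-113005: AAA user authentication Rejected : "
     f"reason = Invalid password : server = 10.0.0.5 : user = {u} : user IP = 203.0.113.45"
     for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"], start=1)]
    + ["Dec 12 2023 03:15:30 fw01 %ASA-6-113039: Group RA-VPN User erin IP 203.0.113.45 "
       "AnyConnect parent session started.",
       "Dec 12 2023 03:20:00 fw01 %ASA-6-113005: AAA user authentication Rejected : "
       "reason = Invalid password : server = 10.0.0.5 : user = alice : user IP = 198.51.100.7",
       "Dec 12 2023 03:20:15 fw01 %ASA-6-113039: Group RA-VPN User alice IP 198.51.100.7 "
       "AnyConnect parent session started.",
       "Dec 12 2023 03:21:00 fw01 %ASA-6-302013: Built inbound TCP connection 12345 for "
       "outside:203.0.113.9/443 (203.0.113.9/443) to inside:10.0.0.20/51000 (10.0.0.20/51000)"])


def run_sample():
    return detect_bruteforce(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Run against the constructed sample, the detector raises a bruteforce alert for 203.0.113.45 once five distinct usernames have been rejected, then a success_after_bruteforce alert when 'erin' logs in from the same address; the single mistyped password from 198.51.100.7 produces nothing. In production the same logic belongs in your SIEM as a correlation rule keyed on source address, with the thresholds tuned to your own baseline, and the second alert type is the one that should page someone, since it marks a credential that an attacker now holds.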


To mitigate such threats, NCSC-FI recommends that organizations keep offline backups and distribute copies across several locations so that no single site, physical or logical, holds every copy. For critical data it advises following the 3-2-1 rule, which it states as keeping at least three backups in two different locations with one copy completely off the network; the conventional formulation is three copies of the data on two different kinds of media, with one copy off-site. The common point is that at least one copy must be unreachable from the credentials and network paths a ransomware operator obtains by breaching the VPN. (bleepingcomputer.com)

The Akira ransomware’s tactics underscore the evolving nature of cyber threats, emphasizing the need for robust cybersecurity measures and comprehensive backup strategies to safeguard against such sophisticated attacks.

4 Comments

  1. The focus on targeting backups highlights a critical vulnerability for many organizations. Beyond the 3-2-1 rule, are there emerging best practices for ensuring backup immutability and recoverability in the face of these increasingly sophisticated ransomware attacks?

    • That’s a great point! Beyond 3-2-1, I’m seeing more organizations explore write-once-read-many (WORM) storage for immutability. Regular testing of recovery processes is also key – verifying that you can actually restore from backups, especially in isolated environments, is paramount. What other innovative strategies have you encountered?

      Editor: StorageTech.News


  2. The focus on wiping backups highlights the importance of not just the 3-2-1 rule, but also secure credential management. How can organizations better enforce MFA and monitor VPN access logs to prevent initial breaches that lead to backup compromise?

    • Great point about secure credential management! Enforcing MFA is crucial, and continuous monitoring of VPN access logs can certainly help detect anomalies. Perhaps layered security approaches, incorporating behavioral analytics to identify unusual access patterns, could add another protective layer against credential compromise. What are your thoughts?

      Editor: StorageTech.News

