Akira 勒索軟體：造成毀滅性後果的全球網路禍害

FBI 和其他國際網路安全機構對Akira 勒索軟體團夥發出警告，該團夥自2023 年3 月以來已影響了250 多個組織，勒索了4,200 萬美元。 VPN 提取憑證並鎖定係統。攻擊者要求支付比特幣，但拒絕支付最初的贖金要求，而是直接聯繫受害者。

Akira Ransomware: A Global Threat with Dire Implications

Akira 勒索軟體：具有可怕影響的全球威脅

Washington, D.C. - A year-old ransomware group known as Akira has emerged as a formidable cyberthreat, targeting businesses and critical infrastructure entities worldwide. In a joint cybersecurity advisory, top global cybersecurity agencies, including the United States Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Europol's European Cybercrime Centre (EC3), and the Netherlands' National Cyber Security Centre (NCSC-NL), have issued a stark warning about the group's malicious activities.

華盛頓特區 - 一個名為 Akira 的勒索軟體組織已成為一種可怕的網路威脅，目標是全球企業和關鍵基礎設施實體。在聯合網路安全諮詢中，全球頂級網路安全機構，包括美國聯邦調查局(FBI)、網路安全和基礎設施安全局(CISA)、歐洲刑警組織的歐洲網路犯罪中心(EC3) 和荷蘭國家網路安全中心(NCSC) -NL）已對該組織的惡意活動發出嚴厲警告。

Investigations conducted by the FBI have revealed that Akira ransomware has breached more than 250 organizations, extorting an estimated $42 million in ransom payments. Its targets have spanned North America, Europe, and Australia, with a wide range of industries and sectors falling victim to its malicious code. Initially targeting Windows systems, the FBI has also detected a Linux variant of Akira, expanding its reach even further.

FBI 進行的調查顯示，Akira 勒索軟體已侵入 250 多個組織，勒索了約 4,200 萬美元的贖金。其目標遍及北美、歐洲和澳大利亞，許多行業和部門都成為其惡意程式碼的受害者。 FBI 最初針對的是 Windows 系統，現在也偵測到了 Akira 的 Linux 變體，進一步擴大了其影響範圍。

The joint cybersecurity advisory provides a detailed analysis of Akira's tactics, techniques, and procedures (TTPs). The ransomware group gains initial access through pre-installed virtual private networks (VPNs) that lack multifactor authentication (MFA), a critical security measure that adds an extra layer of protection by requiring multiple forms of identification. Once inside the network, Akira proceeds to extract credentials and other sensitive information before locking up the system and displaying a ransom note.

聯合網路安全諮詢對 Akira 的策略、技術和程序 (TTP) 進行了詳細分析。勒索軟體集團透過預先安裝的虛擬私人網路(VPN) 獲得初始存取權限，但缺乏多重身份驗證(MFA)，這是一項關鍵的安全措施，透過要求多種形式的身份驗證來增加額外的保護層。一旦進入網絡，Akira 就會繼續提取憑證和其他敏感訊息，然後鎖定係統並顯示勒索資訊。

Notably, Akira threat actors deviate from typical ransomware practices by not leaving an initial ransom demand or payment instructions on compromised networks. Instead, they wait for the victim organization to contact them, creating a sense of uncertainty and urgency. The ransomware group demands payments in Bitcoin (BTC), a decentralized digital currency that allows for anonymous transactions.

值得注意的是，Akira 威脅行為者偏離了典型的勒索軟體做法，不會在受感染的網路上留下初始贖金要求或付款指令。相反，他們等待受害者組織聯繫他們，從而造成一種不確定性和緊迫感。該勒索軟體組織要求以比特幣（BTC）付款，比特幣是一種允許匿名交易的去中心化數位貨幣。

To protect against Akira ransomware and similar threats, the advisory recommends implementing a comprehensive set of cybersecurity best practices. These measures include:

為了防範 Akira 勒索軟體和類似威脅，該建議建議實施一套全面的網路安全最佳實踐。這些措施包括：

• Developing and regularly testing a recovery plan
• Enabling MFA on all remote access systems
• Filtering network traffic, including blocking unused ports and disabling hyperlinks
• Encrypting data across the entire system
• Regularly updating software and applying security patches

The advisory also highlights the importance of continually testing security programs in a production environment to ensure optimal performance against the latest cyber threats.

制定並定期測試復原計畫在所有遠端存取系統上啟用MFA 過濾網路流量，包括阻止未使用的連接埠和停用超連結在整個系統中加密資料定期更新軟體並應用安全性修補程式該建議還強調了在生產環境中持續測試安全程序的重要性，以確保針對最新網路威脅的最佳效能。

"The FBI, CISA, EC3, and NCSC-NL strongly encourage organizations to take these recommendations seriously and implement appropriate security measures to protect their systems and data," the advisory concludes.

該諮詢總結道：“FBI、CISA、EC3 和 NCSC-NL 強烈鼓勵組織認真對待這些建議，並實施適當的安全措施來保護其係統和數據。”

The emergence of Akira ransomware is a stark reminder of the evolving sophistication and global reach of cybercrime. It underscores the need for organizations of all sizes to prioritize cybersecurity, adopt robust security measures, and remain vigilant against evolving threats.

Akira 勒索軟體的出現清楚地提醒人們網路犯罪的複雜性和全球影響力的不斷演變。它強調各種規模的組織都需要優先考慮網路安全，採取強有力的安全措施，並對不斷變化的威脅保持警惕。