The FBI is sounding the alarms over a prolific ransomware infection that has already managed to steal tens of millions of dollars from victims.
According to a joint bulletin the bureau posted with the Cybersecurity and Infrastructure Security Agency (CISA) and Europol, federal agents are tracking a long-running malware infection known as Akira.
Since it was first discovered last year, the ransomware is believed to have extracted roughly $42m in extortion payouts. What's more, authorities say the ransomware crew has expanded its activities to target Linux systems as well as Windows.
"Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia," the agencies said in their bulletin.
"In April 2023, following an initial focus on Windows systems, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines. As of January 1, 2024, the ransomware group has impacted over 250 organizations and claimed approximately $42 million (USD) in ransomware proceeds."
Additionally, authorities believe that the malware crew behind the Akira attacks is using a number of techniques to cover its tracks and conceal the malware, including switching from C++ to Rust and employing a number of different infiltration tactics.
"According to FBI and open source reporting, Akira threat actors leverage post-exploitation attack techniques, such as Kerberoasting, to extract credentials stored in the process memory of the Local Security Authority Subsystem Service," the FBI said in sounding the alarm over the ransomware.
"Akira threat actors also use credential scraping tools like Mimikatz and LaZagne to aid in privilege escalation."
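The Kerberoasting technique named in the bulletin leaves a well-known defensive signal in Windows Security event 4769 (a Kerberos service ticket request). As an added example, not from the bulletin or the article, the following Python flags accounts that request service tickets for many distinct services with RC4 encryption (TicketEncryptionType 0x17) inside a short window, the pattern defenders commonly alert on because RC4-encrypted tickets are the ones most practical to crack offline. The event records, field names and thresholds are constructed and simplified for this illustration; a real deployment would read the 4769 XML fields (TargetUserName, ServiceName, TicketEncryptionType, Status) from the event log or SIEM.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records shaped like Security event 4769 fields (not real logs).
# "enc" is TicketEncryptionType: 0x17 = RC4-HMAC, 0x12 = AES256. "status" 0x0 = success.
SAMPLE_EVENTS = [
    {"time": "2024-04-18T09:00:01", "account": "jdoe@CORP.LOCAL", "service": "MSSQLSvc/db01.corp.local:1433", "enc": "0x17", "status": "0x0"},
    {"time": "2024-04-18T09:00:02", "account": "jdoe@CORP.LOCAL", "service": "HTTP/web01.corp.local",         "enc": "0x17", "status": "0x0"},
    {"time": "2024-04-18T09:00:02", "account": "jdoe@CORP.LOCAL", "service": "CIFS/fs01.corp.local",          "enc": "0x17", "status": "0x0"},
    {"time": "2024-04-18T09:00:03", "account": "jdoe@CORP.LOCAL", "service": "MSSQLSvc/db02.corp.local:1433", "enc": "0x17", "status": "0x0"},
    {"time": "2024-04-18T09:00:04", "account": "jdoe@CORP.LOCAL", "service": "HTTP/intranet.corp.local",      "enc": "0x17", "status": "0x0"},
    {"time": "2024-04-18T09:00:05", "account": "jdoe@CORP.LOCAL", "service": "ldap/dc01.corp.local",          "enc": "0x17", "status": "0x0"},
    {"time": "2024-04-18T09:00:06", "account": "jdoe@CORP.LOCAL", "service": "CIFS/fs02.corp.local",          "enc": "0x12", "status": "0x0"},  # AES, ignored
    {"time": "2024-04-18T09:00:07", "account": "jdoe@CORP.LOCAL", "service": "HTTP/missing.corp.local",       "enc": "0x17", "status": "0x7"},  # failed, ignored
    # Normal workstation traffic: AES tickets, a handful of services.
    {"time": "2024-04-18T09:01:00", "account": "alice@CORP.LOCAL", "service": "CIFS/fs01.corp.local",  "enc": "0x12", "status": "0x0"},
    {"time": "2024-04-18T09:01:30", "account": "alice@CORP.LOCAL", "service": "HTTP/web01.corp.local", "enc": "0x12", "status": "0x0"},
    {"time": "2024-04-18T09:02:00", "account": "alice@CORP.LOCAL", "service": "ldap/dc01.corp.local",  "enc": "0x12", "status": "0x0"},
    # A legacy service account that still gets RC4 tickets, but only for two services.
    {"time": "2024-04-18T09:03:00", "account": "svc-backup@CORP.LOCAL", "service": "CIFS/fs01.corp.local", "enc": "0x17", "status": "0x0"},
    {"time": "2024-04-18T09:03:05", "account": "svc-backup@CORP.LOCAL", "service": "CIFS/fs02.corp.local", "enc": "0x17", "status": "0x0"},
]


def parse_time(stamp: str) -> datetime:
    """Parse the ISO-8601 timestamp used in the constructed records."""
    return datetime.fromisoformat(stamp)


def find_kerberoasting_suspects(events, window=timedelta(minutes=5),
                                min_distinct_services=5, rc4_type="0x17"):
    """Return {account: sorted distinct services} for accounts that obtained RC4
    service tickets for at least `min_distinct_services` different services
    within any `window`-long period. Thresholds are illustrative assumptions."""
    by_account = defaultdict(list)
    for e in events:
        # Only successful requests for RC4-encrypted tickets count toward the heuristic.
        if e["status"] != "0x0" or e["enc"].lower() != rc4_type:
            continue
        by_account[e["account"]].append((parse_time(e["time"]), e["service"]))

    suspects = {}
    for account, requests in by_account.items():
        requests.sort()  # chronological order for the sliding window below
        for i, (start, _) in enumerate(requests):
            in_window = {svc for t, svc in requests[i:] if t - start <= window}
            if len(in_window) >= min_distinct_services:
                suspects[account] = sorted(in_window)
                break
    return suspects


if __name__ == "__main__":
    for account, services in find_kerberoasting_suspects(SAMPLE_EVENTS).items():
        print(f"possible Kerberoasting by {account}: {len(services)} RC4 service tickets")
        for svc in services:
            print("   ", svc)
```

The threshold and window are tuning knobs: a single account legitimately touching five RC4 services in five minutes is rare in an environment that has moved service accounts to AES, so the residual RC4 tickets themselves are worth investigating as well. The AES-only activity of the ordinary user and the two-service legacy account in the sample are deliberately left unflagged to show where the heuristic draws its line.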
The FBI and CISA are advising administrators to safeguard against the ransomware by using best practices such as strong password policies, multifactor authentication, and segmenting IT and OT networks.