
Accelerated Akira ransomware intrusions examined


CyberScoop reports that increasingly efficient techniques have significantly reduced the Akira ransomware operation's attack times.

By using zero-day exploits and intermittent encryption, Akira ransomware has been able to complete the entire attack kill chain, from initial access to encryption, in less than four hours, and certain intrusions were completed undetected within an hour, according to a Halcyon analysis. Unlike other ransomware gangs, which have mostly focused on developing encryption malware, Akira has also prioritized ensuring that large files can be restored if the encryption process is interrupted.

"The group's ability to move from initial access to full encryption in under an hour, while maintaining recovery guarantees that incentivize victim payment, reflects a mature, business-driven criminal enterprise," said Halcyon.

The findings come after the FBI and the Cybersecurity and Infrastructure Security Agency regarded Akira, which uses a double-extortion model, as one of the most prolific ransomware gangs worldwide.
