Singapore Businesses Beware: Akira Ransomware Threat Looms
The insidious Akira ransomware, responsible for stealing $42 million from over 250 organizations globally, has set its sights on Singapore. Local businesses are urged to be vigilant as authorities issued a joint advisory highlighting the rising threat of this cyber menace.
The Singapore Cyber Security Agency (CSA), Singapore Police Force (SPF), and Personal Data Protection Commission (PDPC) issued the alert after receiving reports from victims of Akira ransomware attacks. Prior investigations by the US Federal Bureau of Investigation (FBI) revealed that Akira primarily targets businesses and critical infrastructure entities.
Singaporean authorities provided crucial information on how to detect, deter, and neutralize these cyberattacks. Importantly, they strongly advise businesses against succumbing to ransom demands.
Resisting Ransom Demands
The Akira attackers demand ransom payments in cryptocurrencies like Bitcoin to relinquish control of compromised computer systems and stolen data. However, Singaporean authorities emphasize the importance of not giving in:
“If your organization’s systems have been compromised with ransomware, we do not recommend paying the ransom and advise you to report the incident immediately to the authorities. Paying the ransom does not guarantee that the data will be decrypted or that threat actors will not publish your data.”
Furthermore, paying ransom may embolden attackers and increase the risk of future extortion attempts. The FBI has observed instances where Akira attackers never contact victims, expecting them to initiate communication.
Building Defenses Against Akira
To fortify their defenses against Akira and similar threats, businesses are encouraged to implement the following measures:
Develop a Comprehensive Recovery Plan: Having a robust plan for restoring data and systems after a cyberattack is crucial for minimizing downtime and disruption.
Enforce Multi-Factor Authentication (MFA): This extra layer of security makes unauthorized access significantly more difficult.
Filter Network Traffic: Implement measures to identify and block suspicious network activity.
Disable Unused Ports and Hyperlinks: Unnecessary access points create potential vulnerabilities.
Enable System-Wide Encryption: Encrypting data renders it unusable if stolen.
The emergence of Akira in Singapore underscores the ever-evolving landscape of cyber threats. In a recent example, cybersecurity firm Kaspersky identified Durian malware targeting South Korean cryptocurrency businesses. Believed to be the work of North Korean hackers, Durian boasts advanced capabilities for stealing data and manipulating systems.
Kaspersky also linked LazyLoad, another malware, to the Andariel sub-group within the notorious Lazarus Group (also believed to be North Korean). This suggests potential connections between different hacking groups, highlighting the complex and interconnected nature of cybercrime.
By staying informed about emerging threats and implementing robust cybersecurity measures, businesses in Singapore can better protect themselves from the growing menace of ransomware attacks.
