The Finish National Cybersecurity Center (NCSC-FI) is informing of increased Akira ransomware activity in December, targeting companies in the country and wiping backups.
The agency says that the threat actor's attacks accounted for six out of the seven cases of ransomware incidents reported last month.
Wiping the backups amplifies the damage of the attack and allows the threat actor to put more pressure on the victim as they eliminate the option of restoring the data without paying a ransom.
Smaller organizations often use network-attached storage (NAS) devices for this purpose, but the Finnish agency highlights that these systems were not spared in Akira ransomware attacks.
The attackers also targeted tape backup devices, which are typically used as a secondary system for storing digital copies of the data.
“In all cases, efforts have been made to meticulously destroy backups, and the attacker indeed goes to great lengths for this,” reads a machine-translated version of the notification.
“Network-Attached Storage (NAS) devices often used for backups have been broken into and emptied, as well as automatic tape backup devices, and in almost all cases we know of, all backups were lost,” the agency informs.
The NCSC-FI suggests that organizations switch to using offline backups instead, spreading the copies across various locations to protect them from unauthorized physical access.
“For the most important backups, it would be advisable to follow the 3-2-1 rule. That is, keep at least three backups in two different locations and keep one of these copies completely off the network.” - Olli Hönö, NCSC-FI
Breached via Cisco VPNs
The Finnish agency says the Akira ..
Support the originator by clicking the read the rest link below.
