The Cyber Security Agency of Singapore (CSA), the Singapore Police Force (SPF), and the Personal Data Protection Commission (PDPC) have issued a warning to organisations about the Akira ransomware variant, which has been targeting businesses across various sectors.
The authorities urge organisations to adopt robust cybersecurity measures to protect against these attacks.
Akira ransomware, first detected in March 2023, operates under a “ransomware-as-a-service” (RaaS) model and affects both Windows and Linux systems.
The Akira threat group targets a wide range of sectors, including education, finance, manufacturing, and healthcare, demanding ransoms based on the victim’s business profile.
Akira affiliates gain initial access by exploiting vulnerabilities, brute-forcing services like Remote Desktop Protocol (RDP), social engineering, and using compromised credentials.
Once inside, they create new domain accounts and escalate privileges using various tools. They also gather system and network information to further their attacks.
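The brute-forcing and account-creation behaviour described above leaves traces in Windows Security logs. As an added example (not from the advisory or this article), the Python below flags repeated failed remote logons from one source and accounts that are created and then placed in a privileged group shortly afterwards. The record layout, thresholds, group list, account names and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed watch list of privileged groups; adjust to the environment.
PRIV_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}
RDP_LOGON_TYPES = {3, 10}  # 10 = RemoteInteractive; RDP with NLA often logs type 3
GROUP_ADD_IDS = {4728, 4732, 4756}  # member added to global / local / universal group
T = datetime.fromisoformat

# Constructed sample events (not real telemetry), as already-parsed records.
# 4625 = failed logon, 4720 = user account created.
EVENTS = (
    [{"time": f"2024-06-01T02:00:{s:02d}", "id": 4625, "logon_type": 10,
      "src_ip": "203.0.113.7", "user": "administrator"} for s in range(0, 60, 10)]
    + [
        {"time": "2024-06-01T09:15:00", "id": 4625, "logon_type": 10,
         "src_ip": "198.51.100.20", "user": "alice"},
        {"time": "2024-06-01T02:20:00", "id": 4720, "user": "itadm", "actor": "svc_web"},
        {"time": "2024-06-01T02:21:30", "id": 4728, "user": "itadm",
         "group": "Domain Admins", "actor": "svc_web"},
        {"time": "2024-06-01T10:00:00", "id": 4720, "user": "new.hire", "actor": "helpdesk"},
    ]
)

def rdp_bruteforce_sources(events, threshold=5, window=timedelta(minutes=5)):
    """Source IPs with >= threshold failed remote logons (4625) inside one window."""
    by_ip = defaultdict(list)
    for e in events:
        if e["id"] == 4625 and e.get("logon_type") in RDP_LOGON_TYPES:
            by_ip[e["src_ip"]].append(T(e["time"]))
    flagged = set()
    for ip, times in by_ip.items():
        times.sort()
        # Sliding window: compare the i-th failure with the one threshold-1 later.
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.add(ip)
                break
    return flagged

def new_accounts_made_privileged(events, window=timedelta(hours=1)):
    """Accounts created (4720), then added to a privileged group within window."""
    created = {e["user"]: T(e["time"]) for e in events if e["id"] == 4720}
    hits = []
    for e in events:
        if e["id"] in GROUP_ADD_IDS and e.get("group") in PRIV_GROUPS:
            born = created.get(e["user"])
            if born and timedelta(0) <= T(e["time"]) - born <= window:
                hits.append((e["user"], e["group"], e["actor"]))
    return hits
```

In practice the same two rules would run over events forwarded from domain controllers and RDP-exposed hosts, with thresholds tuned against normal failed-logon volume.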
Organisations are advised to enforce strong password policies and implement multi-factor authentication to prevent unauthorised access.
Regular updates and patches for systems and software are crucial to fix vulnerabilities that could be exploited by cybercriminals.
Additionally, installing reputable anti-virus and anti-malware software can help detect and prevent ransomware infections.
Maintaining routine backups of critical data is essential for ensuring business continuity.
Organisations should create and save copies of important files to external and offline storage devices, including immutable copies, to allow for system restoration in the event of a cybersecurity incident.
Regular testing of these backups is necessary to ensure data can be recovered and restored promptly, minimising data loss.
Following the 3-2-1 rule is recommended: maintain three copies of backups, use two different media formats, and keep one set of backups off-site.
In addition to backups, developing comprehensive incident response and business continuity plans is vital.
Organisations should conduct exercises to test these plans before an actual ransomware attack occurs, enabling swift and decisive action to mitigate the situation.
Business Continuity Plans (BCPs) should be tailored to minimise the impact on business operations in the event of an attack.
Implementing data minimisation practices is also recommended. Organisations should only collect, process, store, and retain data essential for business, operational, or legal requirements.
Reducing the amount of unnecessary data collected can lessen the impact of a data breach and decrease the resources needed for data protection.
Employee education plays a critical role in cybersecurity. Regular training sessions should be conducted to make employees aware of phishing and other social engineering tactics used by cybercriminals.
Simulated phishing exercises are an effective way to reinforce this training and help mitigate risks. Organisations should also monitor the awareness and adoption levels of their employees.
The authorities strongly advise against paying ransoms, as this does not guarantee data recovery and may encourage further criminal activity.
Instead, organisations are urged to report ransomware incidents to the authorities immediately and seek assistance from reputable sources for decryption tools.
By following these recommendations, organisations can significantly reduce the risk of ransomware attacks and protect their critical data and operations.