Finland warns of Akira ransomware wiping NAS and tape backup devices
2024-01-11 15:01

The Finnish National Cybersecurity Center is warning of increased Akira ransomware activity in December, targeting companies in the country and wiping backups.

Wiping the backups amplifies the damage of the attack and allows the threat actor to put more pressure on the victim as they eliminate the option of restoring the data without paying a ransom.

Smaller organizations often use network-attached storage (NAS) devices for backups, but the Finnish agency highlights that these systems were not spared in Akira ransomware attacks.

The attackers also targeted tape backup devices, which are typically used as a secondary system for storing digital copies of the data.

"Network-Attached Storage devices often used for backups have been broken into and emptied, as well as automatic tape backup devices, and in almost all cases we know of, all backups were lost," the agency says.

"For the most important backups, it would be advisable to follow the 3-2-1 rule. That is, keep at least three backups in two different locations and keep one of these copies completely off the network." - Olli Hönö, NCSC-FI.

The Finnish agency says the Akira ransomware attackers gained access to the victims' networks after exploiting CVE-2023-20269, a vulnerability that affects the VPN feature in Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense products.


News URL

https://www.bleepingcomputer.com/news/security/finland-warns-of-akira-ransomware-wiping-nas-and-tape-backup-devices/

Related Vulnerability

Date: 2023-09-06
CVE: CVE-2023-20269
Vulnerability title: Incorrect Authorization vulnerability in Cisco Adaptive Security Appliance Software
Description: A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features.
Attack vector: network
Attack complexity: low
Vendor: cisco
CWE: CWE-863
Risk: critical, 9.1