Security News > 2024 > January > Finland warns of Akira ransomware wiping NAS and tape backup devices

The Finish National Cybersecurity Center is informing of increased Akira ransomware activity in December, targeting companies in the country and wiping backups.

Wiping the backups amplifies the damage of the attack and allows the threat actor to put more pressure on the victim as they eliminate the option of restoring the data without paying a ransom.

Smaller organizations often use network-attached storage devices for this purpose, but the Finnish agency highlights that these systems were not spared in Akira ransomware attacks.

The attackers also targeted tape backup devices, which are typically used as a secondary system for storing digital copies of the data.

"Network-Attached Storage devices often used for backups have been broken into and emptied, as well as automatic tape backup devices, and in almost all cases we know of, all backups were lost," the agency informs.

"For the most important backups, it would be advisable to follow the 3-2-1 rule. That is, keep at least three backups in two different locations and keep one of these copies completely off the network." - Olli Hönö, NCSC-FI. The Finnish agency says the Akira ransomware attacks gained access on the victims' network after exploiting CVE-2023-20269, a vulnerability that affects the VPN feature in Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense products.

News URL

https://www.bleepingcomputer.com/news/security/finland-warns-of-akira-ransomware-wiping-nas-and-tape-backup-devices/