Akira ransomware attackers are wiping NAS and tape backups

2024-01-12 14:06

NCSC-FI has received 12 reports of Akira ransomware hitting Finnish organizations in 2023, and three of the attacks happened during Christmas vacations.

"Of the ransomware malware cases reported to the Cybersecurity Center in December, six out of seven involved Akira family malware," they added.

The attackers pinpointed and targeted organizations with vulnerable internet-facing Cisco ASA or FTD devices and found and wiped target organizations' backups before deploying the ransomware.

Once in, they scanned the network, deleted backups and encrypted physical and virtual servers.

"NAS servers that are often used for backups on the network have been hacked and wiped, as have automatic tape backup devices, and in almost every case we know of, all backups have been lost."

"For the most important backups, it would be advisable to follow the 3-2-1 rule. That is, keep at least three backups in two different places and keep one of these copies completely off the network," NCSC-FI information security expert Olli Hönö pointed out.

News URL

https://www.helpnetsecurity.com/2024/01/12/finland-akira-ransomware/

#backup #NAS #ransomware #wiping

News URL

Related news