Cisco VPN held hostage by Akira: ransomware masterfully attacks corporate networks

How to decrypt undecipherable data and protect your system from attacks.

Experts say that attackers are increasingly using the Akira ransomware to penetrate corporate networks through Cisco VPN. Akira was first launched in March 2023. The program has since been supplemented with a Linux encryptor for attacks on VMware ESXi virtual machines.

The ransomware operators use already compromised Cisco VPN accounts, so they do not need to install additional backdoors or persistence mechanisms. As Sophos pointed out in its report after one of the attacks in May, the hackers gained access to the corporate network using single-factor authentication.

A cybersecurity researcher known as "Aura" explained that the Cisco ASA (Adaptive Security Appliance, a network security solution) devices do not have a logging system. Because of this, it is impossible to determine whether the accounts were compromised by password guessing (brute force) or bought on dark markets.

SentinelOne WatchTower analysts have suggested that Akira exploits unknown vulnerabilities in Cisco VPN software to bypass authentication systems. According to the company, the ransomware operators also use the RustDesk tool to navigate compromised networks. RustDesk is a legitimate remote access tool that runs on Windows, macOS, and Linux. It is known for encrypted P2P connections and the ability to transfer files.

Other tactics found in Akira's arsenal include manipulating SQL databases, disabling firewalls, enabling Remote Desktop (RDP), and disabling the Windows Defender and LSA Protection mechanisms.

Due to the growing number of attacks, a Cisco representative confirmed that their VPN products will support multi-factor authentication from different vendors. This will provide an additional layer of protection, which will make the task more difficult for hackers.

In June 2023, Avast, a company specializing in antivirus development, released a free tool for decrypting data encrypted by Akira. However, this decryptor is only effective against old "strains", since the Akira developers have already made changes to their algorithms.
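The distinction raised above (accounts guessed versus credentials bought elsewhere) is one that VPN authentication logs can answer when they exist. The following is an added example, not part of the original post: it labels each successful login by what preceded it. The log format, the sample events, the baseline of usual source IPs, and the window and threshold values are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in an assumed format: timestamp user source_ip result
SAMPLE_EVENTS = """\
2023-05-02T01:10:03 svc_backup 198.51.100.7 FAIL
2023-05-02T01:10:09 svc_backup 198.51.100.7 FAIL
2023-05-02T01:10:15 svc_backup 198.51.100.7 FAIL
2023-05-02T01:10:21 svc_backup 198.51.100.7 FAIL
2023-05-02T01:10:27 svc_backup 198.51.100.7 OK
2023-05-02T08:55:40 jsmith 192.0.2.10 FAIL
2023-05-02T08:55:58 jsmith 192.0.2.10 OK
2023-05-03T03:30:00 contractor1 203.0.113.44 OK
"""
# Constructed baseline (assumption): source IPs each user normally connects from.
BASELINE = {"jsmith": {"192.0.2.10"}, "contractor1": {"192.0.2.77"}}

def parse(text):
    """Yield (timestamp, user, ip, result) tuples from non-empty lines."""
    for line in text.splitlines():
        if line.strip():
            ts, user, ip, result = line.split()
            yield datetime.fromisoformat(ts), user, ip, result

def classify_logins(text, baseline, window=timedelta(minutes=10), threshold=4):
    """Label every successful login by the failures and source IP that preceded it."""
    failures = defaultdict(list)  # user -> timestamps of failed attempts
    verdicts = []
    for ts, user, ip, result in sorted(parse(text)):
        if result == "FAIL":
            failures[user].append(ts)
            continue
        recent = [t for t in failures[user] if ts - t <= window]
        if len(recent) >= threshold:
            # A run of failures right before success points to password guessing.
            verdict = "guessing-then-success"
        elif ip not in baseline.get(user, set()):
            # Working credentials from an unfamiliar source: obtained elsewhere.
            verdict = "valid-creds-new-source"
        else:
            verdict = "expected"
        verdicts.append((user, ip, verdict))
        failures[user].clear()  # start a fresh failure count after each success
    return verdicts

if __name__ == "__main__":
    for row in classify_logins(SAMPLE_EVENTS, BASELINE):
        print(*row)
```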
 