CISA, FBI and Partners Unveil Critical Guidance to Protect Against Akira Ransomware Threat

Provides: New Insights to Combat Ransomware Threats across Multiple Business Sectors and Critical Infrastructure WASHINGTON - The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Department of Defense Cyber Crime Center (DC3), Department of Health and Human Services (HHS), and international partners released updated guidance today to help organizations protect their cyber systems against an evolving ransomware threat. The joint advisory details new methods used by the Akira ransomware group. The group primarily targets small and medium-sized businesses, but has also conducted operations against larger organizations across various sectors in the manufacturing, educational, information technology, healthcare, financial, and food and agriculture sectors. By providing IT professionals with indicators of compromise (IOC) and tactics, techniques and procedures (TTPs), the joint advisory helps IT professionals identify Akira ransomware activity and safeguard their networks. CISA and the FBI are providing steps that organizations should take immediately, including regularly backing up crucial data, enforcing multifactor authentication, and prioritizing the remediation of known exploited vulnerabilities. “The threat of ransomware from groups like Akira is real and organizations need to take it seriously, with swift implementation of mitigation measures,” said Nick Andersen, Executive Assistant Director for the Cybersecurity Division (CSD) at CISA. “During the multi-week government shutdown and the temporary lapse of the Cybersecurity Information Sharing Act of 2015, CISA remained steadfast in its commitment to get actionable information out to the critical infrastructure owners and operators that Americans depend on every day. We urge every organization, large or small, to follow the guidance released today and take steps now to protect their organizations against ransomware threats.” “Akira ransomware doesn’t just steal money - it disrupts the systems that power our hospitals, schools, and businesses,” said FBI Cyber Division Assistant Director Brett Leatherman. “Behind every compromised network, you’ll find real people and communities harmed by callous cyber criminals. The FBI is using every tool available - our authorities, intelligence, capabilities, and partnerships - to pursue those responsible and make their operations more costly and less profitable. We urge every organization to remain vigilant and to quickly report intrusions to their local FBI field office. Together, we can deny ransomware actors the access and profits they seek.” Today’s guidance is an update to an earlier advisory and includes new IOCs and TTPs to help organizations secure their networks. It is part of CISA and the FBI’s ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. Visit StopRansomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost tools and resources.