Singapore authorities have cautioned citizens against negotiating with or paying any ransom to the Akira ransomware group. The warning follows a recent cyber-attack on the local law firm Shook Lin & Bok, which allegedly paid USD 1.4 million in Bitcoin in an effort to retrieve its data.
Key Details:
- Date of Advisory: June 7, 2024
- Victim: Shook Lin & Bok law firm
- Ransom Paid: USD 1.4 million in Bitcoin
- Attack Details: Akira ransomware first emerged in March 2023 and targets both Windows and Linux systems.
- Operation Model: Akira operates as ransomware-as-a-service (RaaS): the core group develops and distributes the malware, and affiliates who carry out the intrusions hand over a share of the ransom collected from victims.
June 7, 2024 8:36 PM: The Singapore Police Force, CSA and PDPC issued a joint statement warning against paying the ransom.
Methodology of Attack:
- Initial Access: Akira affiliates gain access through vulnerabilities in VPN software or by brute-forcing external services like Remote Desktop Protocol.
- Persistence: They create new domain accounts and escalate privileges to maintain a foothold in the system.
- Data Theft: Sensitive information is exfiltrated using tools like WinRAR and MEGA before encryption.
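As an added example, not part of the original advisory, the following detector looks for the first two steps above in Windows Security event records: a burst of failed RDP logons from one source followed by a success, and then a new account created by that user. The event IDs (4625 failed logon, 4624 successful logon, 4720 account created, logon type 10 for RDP) are standard; the sample records, thresholds and field names are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs) showing the advisory's pattern:
# five failed RDP logons, a success, then a new account created minutes later.
SAMPLE_EVENTS = [
    {"ts": "2024-06-01T02:00:01", "id": 4625, "src": "203.0.113.7", "user": "admin", "logon_type": 10},
    {"ts": "2024-06-01T02:00:03", "id": 4625, "src": "203.0.113.7", "user": "admin", "logon_type": 10},
    {"ts": "2024-06-01T02:00:05", "id": 4625, "src": "203.0.113.7", "user": "admin", "logon_type": 10},
    {"ts": "2024-06-01T02:00:06", "id": 4625, "src": "203.0.113.7", "user": "admin", "logon_type": 10},
    {"ts": "2024-06-01T02:00:09", "id": 4625, "src": "203.0.113.7", "user": "admin", "logon_type": 10},
    {"ts": "2024-06-01T02:00:12", "id": 4624, "src": "203.0.113.7", "user": "admin", "logon_type": 10},
    {"ts": "2024-06-01T02:03:40", "id": 4720, "src": "-", "user": "admin", "target": "svc_backup2"},
    # A normal user mistyping once and then logging in: must not be flagged.
    {"ts": "2024-06-01T09:15:00", "id": 4625, "src": "10.0.0.5", "user": "alice", "logon_type": 10},
    {"ts": "2024-06-01T09:15:20", "id": 4624, "src": "10.0.0.5", "user": "alice", "logon_type": 10},
]


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def rdp_bruteforce_hits(events, threshold=5, window=timedelta(minutes=5)):
    """Return (src, user, ts) for every successful RDP logon (4624, type 10)
    preceded by at least `threshold` failed logons from the same source
    inside `window`. Thresholds are assumed values; tune them per estate."""
    hits = []
    for e in events:
        if e["id"] != 4624 or e.get("logon_type") != 10:
            continue
        fails = [f for f in events
                 if f["id"] == 4625 and f["src"] == e["src"]
                 and timedelta(0) <= _ts(e) - _ts(f) <= window]
        if len(fails) >= threshold:
            hits.append((e["src"], e["user"], e["ts"]))
    return hits


def accounts_created_after_bruteforce(events, grace=timedelta(hours=1)):
    """Flag (creator, new_account) for each 4720 event whose creating user had
    a brute-force-preceded logon within `grace` beforehand: the persistence
    step the advisory describes (new domain accounts after initial access)."""
    successes = {}
    for _, user, ts in rdp_bruteforce_hits(events):
        successes.setdefault(user, []).append(datetime.fromisoformat(ts))
    flagged = []
    for e in events:
        if e["id"] != 4720:
            continue
        if any(timedelta(0) <= _ts(e) - s <= grace for s in successes.get(e["user"], [])):
            flagged.append((e["user"], e["target"]))
    return flagged
```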
Preventive Measures:
- Password Policies and Standards: Use passwords of at least 12 characters combining upper- and lower-case letters, numbers and special characters.
- Multi-Factor Authentication (MFA): MFA is crucial for preventing intrusions on network-accessible services.
- Regular System Scans and Updates: Regularly scan for vulnerabilities and apply the latest security updates.
- Network Segmentation: Restrict traffic between subnets to prevent ransomware from spreading across the organization.
- Routine Backups: Keep three copies of data, two on different media and one at a separate physical location.
- Incident Response Plans: Run routine exercises and maintain sound business continuity plans.
Historical Context:
- March 2022: Vermin group observed deploying SPECTR malware in phishing campaigns.
- Recent Activities: Increase in cyber-attacks using instant messaging apps like Signal to distribute malware.
Current State and Recommendations:
Authorities emphasize not paying ransoms as it does not ensure data recovery and can encourage further criminal activity. Organizations are advised to report incidents immediately and implement recommended security measures to mitigate risks.