The Finnish National Cybersecurity Center (NCSC-FI) has issued a warning about increased Akira ransomware activity targeting companies in the country and wiping backups. According to the agency, six out of the seven reported ransomware incidents in December were attributed to the Akira ransomware.
The attackers have been targeting network-attached storage (NAS) devices and tape backup devices, destroying backups and putting pressure on victims to pay a ransom. The NCSC-FI recommends that organizations switch to using offline backups and follow the 3-2-1 rule for data protection.
The Akira ransomware attacks gained access to victims’ networks by exploiting CVE-2023-20269, a vulnerability affecting the VPN feature in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) products. To prevent attacks exploiting this vulnerability, organizations are advised to upgrade to Cisco ASA 9.16.2.11 or later and Cisco FTD 6.6.7 or later.