virus logo Threat Signal Report

Akira Ransomware Attack (CVE-2023-20269 and CVE-2020-3259)

Description

What is the Akira Ransomware Attack? The Akira ransomware attack has been actively and widely impacting businesses. According to CISA advisory, the ransomware group has impacted over 250 organizations and claimed approximately $42 million (USD) in ransomware proceeds. The ransomware group gains initial access via either less-secured VPN or Cisco vulnerabilities. Once the network is compromised, the threat actor is able to target a system and encrypt files with .akira extension.
What is the recommended Mitigation? Review attack surfaces and ensure that all systems are kept up-to-date with the latest patches. Also, maintain general awareness and training about the risk of phishing and social engineering attacks in the organization.
What FortiGuard Coverage is available? FortiGuard Labs has existing AV signatures (i.e. W64/Akira.C!tr.ransom) to block all the known malware variants used by Ransomware group and has blocked related IoCs via Web filtering service.

Appendix

CISA Advisory: Akira Ransomware


Date Apr 19, 2024
CVE ID CVE-2023-20269
CVE-2020-3259
Threat/
Vulnerability		 Ransomware
Experienced a Breach? We're here to help FortiGuard Incident Response Services
FortiGuard Incident Response Services