Joint Cybersecurity Advisory on Akira Ransomware

This document is a joint Cybersecurity Advisory (CSA) released by the FBI, CISA, Europol’s EC3, and the Netherlands’ NCSC-NL, focusing on the Akira ransomware. It aims to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with Akira ransomware, which has affected numerous organizations since March 2023. The advisory outlines the ransomware's evolution, including its initial focus on Windows systems and the subsequent deployment of a Linux variant targeting VMware ESXi virtual machines. The document details the impact of Akira ransomware, which has reportedly affected over 250 organizations and generated approximately $42 million in ransom proceeds. It provides specific actions organizations can take to mitigate risks, such as enabling multifactor authentication and regularly updating software. The advisory also discusses the technical details of Akira's operations, including methods of initial access, persistence strategies, and encryption techniques used by the threat actors.