Will Akira hit Finland? A serious warning to Finnish companies

In the past six months, ten Finnish organizations have fallen victim to the Akira ransomware. The Cybersecurity Center urges organizations to prepare for a cyber attack in good time.

The Cybersecurity Center of the Finnish Transport and Communications Agency Traficom warns in its weekly review about the Akira ransomware, which is actively targeting domestic organizations.

According to the Cybersecurity Center, Akira has been found to exploit in particular the Cisco network device vulnerability CVE-2023-20269 from the fall and weakly protected Cisco VPN solutions.

– For VPN solutions as well, multi-factor authentication is vital for protecting yourself from cyber attacks. Educating users is emphasized, for example, with regard to strong passwords and phishing messages.

Even a strong password does not help if the attacker learns it, for example, through a phishing message, the Cybersecurity Center reminds.

“Extremely active”

The first Akira extortion cases came to the attention of the Cybersecurity Center in the summer. A total of ten reports of Akira attacks have been made this year.

– Akira has been particularly active compared to other ransomware actors based on the statistics at the end of the year.

Akira has been found to encrypt, for example, various virtual machine file types that can serve as backups.

At worst, the known attacks have succeeded in encrypting the organization’s entire IT infrastructure.

Get ready before it’s too late

The Cybersecurity Center emphasizes the importance of up-to-date backups and of processes designed for cyber disruption situations.

– Recovering from a cyber breach is faster and more efficient if preparation work is done before the organization becomes the target of ransomware, the Cybersecurity Center points out in its release.

The Cybersecurity Center said earlier in the fall that the root cause of ransomware attacks is often related to devices or services visible on the internet that have not been updated.

– Prompt patching or updating of vulnerabilities in particular is of paramount importance in combating ransomware, it pointed out.

Communication, communication, communication

The Cybersecurity Center recommends that Finnish organizations also prepare for cyber disruptions in terms of communication.

Matias Mesiä, an information security expert at the Cybersecurity Center, gave a reminder of this earlier in the fall. Iltalehti interviewed Mesiä regarding the ransomware attack on the Finnish company KWH Freeze.

– Companies communicate in these situations in very different ways. It is really important to think about how to do it in a crisis situation. However, there is no one right solution, Mesiä told Iltalehti in November.

According to Mesiä, some companies may give the complete silent treatment to, for example, authorities who have learned about a ransomware attack and are trying to offer their help in resolving the situation.

– It’s a really difficult situation if we, as an authority, try to help and ask for additional information from our international contacts, and we don’t get any information from within the organization. We can’t really do anything then, Mesiä complained.

– The communication side is a really big part of the situation when “cyber” hits the fan, Mesiä said.

In 2023, dozens of ransomware cases have come to the attention of the Cybersecurity Center.

What is ransomware?

Ransomware refers to malware designed to blackmail a target.

Ransomware can, for example, encrypt or completely lock files on a computer or server. At worst, this can paralyze the operation of a company or organization completely.

The victim is typically required to pay in the virtual currency bitcoin to have the files unlocked. If the victim does not act as requested, the blackmailers often threaten to publish the captured data.

Source: Cybersecurity Center
