Akira Attacks a US School District
Akira announced a successful breach of the School District of Nekoosa recently. The institution is located in Nekoosa, MI, and reportedly lost a significant amount of confidential data.
- Nekoosa representatives didn’t comment on the situation, but it is presumed that the institution has overcome the breach
- Akira announced that they will be releasing the stolen data publicly soon, which suggests that negotiations have failed
- Most victims typically refrain from negotiating with their attackers or pay the ransom
- For this reason, the majority of ransomware actors resort to the spray-and-pray MO, which involves hitting as many targets as possible over a short timespan
Akira operates as your standard ransomware entity, relying on affiliates to increase its reach and success. This allows the organization to strike at targets across the globe with ease and minimal fallout.
This strategy explains why Akira’s structure, members, and hierarchy are still unknown, despite extensive investigations from relevant entities. It is also what increases Akira’s success rates, as it’s able to hit more targets at the same time.
This recent attack falls in line with the latest trend showcasing an increase in ransomware breaches over the past several months. While it’s not as active as other ransomware actors, Akira is still a visible danger on the ransomware chart.
Our Mission
We believe security online security matters and its our mission to make it a safer place.
What Makes Akira So Dangerous?
Several factors make Akira one of the most dangerous ransomware actors to date. These include:
- Adaptable MOs – Akira doesn’t rely on a one-size-fits-all attack strategy. Instead, it adapts to the victim’s vulnerabilities and uses multiple potential entry points. It’s not unusual for Akira to use phishing tactics or exploit public services and applications.
- Tough negotiator – If you’re hit by Akira, know that the negotiations will be tough. The ransomware actor rarely budges and it typically asks for obscene ransoms. It’s normal for Akira’s ransoms to reach in the millions in some cases.
- Indiscriminate attacks – Akira prefers to go for high-value targets, but everybody is at risk, really. Reports show that Akira hits indiscriminately, regardless of the industry. The only thing that matters is the victim’s perceived revenue.
Akira is also highly adaptable and resourceful, allowing it to tackle the toughest targets and come out on top. This has prompted regulatory agencies to deem Akira as one of the most dangerous ransomware actors today.
When it comes to the actual tactics, Akira stays true to the double-extortion practice. The actor encrypts the victim’s systems and steals valuable data to then either extort the victim or sell on the black market.
This brings us to a common practice among ransomware actors that increase the damages they inflict tenfold. That’s data sharing. In many cases, ransomware actors will either share the data they’ve acquired for free or sell it to one another.
They can then extort and blackmail the victim further, even if the original attacker has deleted the information. This is the main reason why experts warn against paying the ransom.
Akira’s tactics, negotiation attitude, and attack strategies paint a scary profile and show the organization’s growth potential over the years to come.