In a trend that has raised alarm across Finland, organizations are grappling with a sudden surge in ransomware attacks. The National Cyber Security Centre of Finland (NCSC-FI) has issued an alert in response to the increased activity. It is noteworthy that the Akira ransomware has been primarily responsible for this spike, with six out of the seven reported incidents in December attributed to this malicious software. The situation has been further exacerbated by the timing of these attacks, three of which occurred during the Christmas season – a period when vigilance in organizations might be understandably lower than usual.

Advertisment

Targeting Network Devices

The Akira ransomware has specifically targeted network devices such as the Cisco Adaptive Security Appliance and the Cisco Firepower Threat Defense appliances. The attackers exploit a zero-day vulnerability, known as CVE-2023-20269. This vulnerability facilitates brute-force attacks, enabling the perpetrators to gain unauthorized access to an organization's systems.

Destruction of Backups

Advertisment

Another disturbing aspect of these attacks is the deliberate and concerted effort by the attackers to destroy backups. They have compromised not only Network-Attached Storage (NAS) servers but also automatic tape backup systems. As a result, in most of the known cases, the victims have lost their backups entirely, significantly impeding recovery efforts and increasing the damage caused by the initial attack.

Beyond Finland

While Finland is the current epicenter of these attacks, the international community should take note. The Akira ransomware, like many other forms of malicious software, does not respect borders or jurisdictions. It is a global threat that requires a coordinated and robust response from organizations and governments worldwide.