Finland warns of Akira ransomware wiping NAS and tape backup devices

pVMware confirms critical vCenter flaw now exploited in attacksppCISA emergency directive Mitigate Ivanti zerodays immediatelyppVans North Face owner says ransomware breach affects 35 million peopleppTeamViewer abused to breach networks in new ransomware attacksppTrezor support site breach exposes personal data of 66000 customersppHackers start exploiting critical Atlassian Confluence RCE flawppGet handson training with this 50 CompTIA exam prep simulation bundleppTietoevry ransomware attack causes outages for Swedish firms citiesppQualys BrowserCheckppSTOPDecrypterppAuroraDecrypterppFilesLockerDecrypterppAdwCleanerppComboFixppRKillppJunkware Removal ToolppBest VPNsppHow to change IP addressppAccess the dark web safelyppBest VPN for YouTubeppRemove the Theonlinesearchcom Search RedirectppRemove the Smartwebfindercom Search RedirectppHow to remove the PBlock adware browser extensionppRemove the Toksearchesxyz Search RedirectppRemove Security Tool and SecurityTool Uninstall GuideppHow to Remove WinFixer Virtumonde Msevents TrojanvundoppHow to remove Antivirus 2009 Uninstall InstructionsppHow to remove Google Redirects or the TDSS TDL3 or Alureon rootkit using TDSSKillerppLocky Ransomware Information Help Guide and FAQppCryptoLocker Ransomware Information Guide and FAQppCryptorBit and HowDecrypt Information Guide and FAQppCryptoDefense and HowDecrypt Ransomware Information Guide and FAQppHow to enable Kernelmode Hardwareenforced Stack Protection in Windows 11ppHow to use the Windows Registry EditorppHow to backup and restore the Windows RegistryppHow to open a Windows 11 Command Prompt as AdministratorppHow to start Windows in Safe ModeppHow to remove a Trojan Virus Worm or other MalwareppHow to show hidden files in Windows 7ppHow to see hidden files in WindowsppeLearningppIT Certification CoursesppGear GadgetsppSecurityppppThe Finish National Cybersecurity Center NCSCFI is informing of increased Akira ransomware activity in December targeting companies in the country and wiping backupsppThe agency says that the threat actors attacks accounted for six out of the seven cases of ransomware incidents reported last monthppWiping the backups amplifies the damage of the attack and allows the threat actor to put more pressure on the victim as they eliminate the option of restoring the data without paying a ransomppSmaller organizations often use networkattached storage NAS devices for this purpose but the Finnish agency highlights that these systems were not spared in Akira ransomware attacksppThe attackers also targeted tape backup devices which are typically used as a secondary system for storing digital copies of the datappIn all cases efforts have been made to meticulously destroy backups and the attacker indeed goes to great lengths for this reads a machinetranslated version of the notificationppNetworkAttached Storage NAS devices often used for backups have been broken into and emptied as well as automatic tape backup devices and in almost all cases we know of all backups were lost the agency informsppThe NCSCFI suggests that organizations switch to using offline backups instead spreading the copies across various locations to protect them from unauthorized physical accessppThe Finnish agency says the Akira ransomware attacks gained access on the victims network after exploiting CVE202320269 a vulnerability that affects the VPN feature in Cisco Adaptive Security Appliance ASA and Cisco Firepower Threat Defense FTD productsppThe vulnerability allows unauthorized attackers to carry out brute force attacks and find the credentials of existing users where there is no login protection such as multifactor authentication MFAppCVE202320269 was acknowledged by Cisco as a zeroday in September 2023 and fixes were released the following month However security researchers reported since early August 2023 that Akira ransomware had been leveraging it for accessppThe observed postcompromise activity includes mapping the network targeting backups and critical servers stealing usernames and passwords from Windows servers encrypting important files and encrypting disks of virtual machines on virtualization servers particularly those using VMware productsppTo avoid attacks that exploit this vulnerability organizations are strongly recommended to upgrade to Cisco ASA 916211 or later and Cisco FTD 667 or laterppTietoevry ransomware attack causes outages for Swedish firms citiesppNissan Australia cyberattack claimed by Akira ransomware gangppResearchers link 3AM ransomware to Conti Royal cybercrime gangsppVans North Face owner says ransomware breach affects 35 million peopleppSave 63 on this Cisco network engineer certification training bundleppNot a member yet Register NowppCourt charges dev with hacking after cybersecurity issue disclosureppTietoevry ransomware attack causes outages for Swedish firms citiesppTerms of Use Privacy Policy Ethics Statement Affiliate DisclosureppCopyright 2003 2024 Bleeping Computer LLC All Rights ReservedppNot a member yet Register NowppRead our posting guidelinese to learn what content is prohibitedp