Ultra Rapid Data Extraction in Approximately 2 Hours

Ransomware attacks keep getting faster, and the Akira ransomware group has demonstrated a new level of efficiency in data exfiltration. The BlackBerry Threat Research and Intelligence Team recently disclosed details of an Akira ransomware attack on a Latin American airline, highlighting the group’s ability to pilfer sensitive data in just over two hours.

This particular attack was executed by Storm-1567, a notorious user of the Akira ransomware-as-a-service (RaaS) platform. Storm-1567, also known as Punk Spider and Gold Sahara, has a history of conducting successful attacks across various industries globally. The group has recently expanded its target range to include Linux/VMware ESXi systems, showcasing a high level of technical expertise.

In the case of the LatAm airline attack, Storm-1567 gained initial access through an unpatched Veeam backup server using the Secure Shell (SSH) protocol. Once inside the network, the threat actor quickly seized the opportunity to extract valuable data from the compromised server before deploying the Akira ransomware the following day.

The rapid data exfiltration process took just 133 minutes, with the attackers utilizing legitimate tools and utilities to move stealthily within the network. By creating user accounts, establishing persistence, and leveraging reconnaissance techniques, Storm-1567 was able to extract a wealth of sensitive information from the airline’s systems.

The escalating speed at which ransomware attacks unfold is a cause for concern among cybersecurity experts. According to Palo Alto Networks’ 2024 Unit 42 Incident Response report, the time from compromise to data exfiltration has drastically decreased over the years. What used to take days now occurs in a matter of hours, leaving organizations with limited time to respond effectively.

Ismael Valenzuela, Vice President of Threat Research and Intelligence at BlackBerry, stresses the importance of implementing robust security measures to combat these evolving threats. A zero-trust framework, thorough perimeter patching, and basic security hygiene practices are essential for safeguarding against rapid data exfiltration incidents like the one experienced by the airline.

As cybercriminals continue to refine their tactics and exploit vulnerabilities within organizational networks, the need for proactive defense strategies becomes paramount. By staying vigilant, updating security protocols, and prioritizing threat intelligence, businesses can mitigate the risk of falling victim to accelerated ransomware attacks.

In conclusion, the Akira ransomware group’s swift data exfiltration tactics serve as a stark reminder of the urgent need for enhanced cybersecurity measures. Organizations must adapt to the evolving threat landscape by bolstering their defenses and staying ahead of cyber adversaries to safeguard sensitive data and prevent data breaches.
