Akira Ransomware-as-a-Service (RaaS) targeting Swedish organizations  

Recent ransomware attacks on European organizations have attracted significant attention, primarily due to the involvement of threat actors with Russian connections or origins. Of particular concern is the latest attack on an IT service provider, which has had a profound impact on Swedish companies, government agencies, and municipalities. 

About the threat actor: Akira Ransomware 

In the recent attack on Swedish organizations, the perpetrator employed the relatively new Akira Ransomware, which was first observed in March 2023. This ransomware is associated with the Ransomware-as-a-Service (RaaS) group known as Akira, also referred to as Storm-1567, Punk Spider, and GOLD SAHARA. 

The Akira group practices double extortion: it not only encrypts victims’ data but also exfiltrates it. This allows the group to threaten victims with both the non-return of their data and the public exposure of the stolen information.

The group’s primary method is to exploit vulnerabilities in client infrastructure, particularly vulnerable VPN software, and to obtain credentials for such software.

How to protect your business against RaaS 

Protecting your business against RaaS attacks requires a multi-faceted approach due to the various ways initial access can occur. Here are some effective steps to enhance your defense: 

  1. Implement a strong password policy and enable MFA: Enforce the use of strong, unique passwords for all accounts and enable Multi-Factor Authentication (MFA) wherever possible. This adds an extra layer of security to prevent unauthorized access. 
  1. Enhance user awareness: Educate your employees about the risks associated with RaaS attacks and the importance of practicing good cybersecurity hygiene. Regular training and awareness programs can significantly strengthen your defense against social engineering tactics. 
  1. Regularly patch and update systems: Keep your systems up to date with the latest security patches and software updates. Regularly scan both external and internal networks for vulnerabilities, prioritizing those commonly exploited by attackers. 
  1. Implement network segmentation: Instead of relying solely on a strong perimeter defense, consider implementing network segmentation. This approach divides your network into segments or zones, ensuring that if a breach occurs, its impact is limited to a specific area, minimizing the overall damage. 

By following these steps, you can significantly enhance your business’s resilience against RaaS attacks and reduce the likelihood of falling victim to such threats. 

How can Outpost24 help 

Outpost24 offers a range of solutions to help businesses strengthen their security posture and defend against RaaS attacks. Here’s how we can assist you: 

  1. Specops password solutions: Outpost24 can provide you with Specops password solutions to protect against the use of breached credentials and enhance resistance against social engineering attacks. These solutions help enforce strong password policies and enable MFA for password resets and service desk identity verification.
  1. Vulnerability management solutions: By leveraging Outpost24’s vulnerability management solutions, you can stay informed about potential vulnerabilities in your systems and take proactive action to address them. This helps you identify and remediate security weaknesses before they can be exploited by attackers. 
  1. Threat intelligence solutions: Outpost24 offers threat intelligence solutions tailored to your specific needs. These solutions provide valuable insights into the tactics, techniques, and procedures employed by adversaries. By understanding your adversaries better, you can enhance your defense strategies and make informed decisions to mitigate risks effectively. 

Enhance your overall security posture with Outpost24. Speak with an expert today!  

About the Author

Martin Jartelius, CISO, Outpost24

Martin is the esteemed Outpost24 group CISO, bringing with him a wealth of experience in penetration testing and forensics. With more than a decade of dedicated work in the vulnerability management field, Martin not only oversees but also provides support to the teams engaged in researching threat actors, malware, and vulnerabilities.