Akira ransomware prevention and defense 2024

EXECUTIVE SUMMARY:

In March of 2023, the first Akira ransomware strain was observed in the wild. Since then, the group has compromised over 100 different organizations, targeting those in the financial, manufacturing, real-estate, healthcare and medical sectors.

Akira operates on a Ransomware-as-a-Service (RaaS) model and typically deploys a double-extortion scheme. This involves exfiltrating sensitive data prior to device encryption and insisting on a ransom in exchange for withholding the data from the group’s TOR leak site.  

Most recently, Akira interrupted a U.S. emergency dispatch system, causing a nine-day operational outage. During the outage, dispatchers relied on backup systems. As of the present writing, full system restoration is still a work-in-progress.

About Akira

The group is believed to have taken its name from the 1988 cult anime film of the same name, which depicts biker gangs in a dystopian Tokyo. The Akira ransomware gang is known for its use of a retro aesthetic on victims’ sites, reminiscent of 1980s green-screen consoles.

Cyber security researchers have uncovered evidence linking the Akira group to the notorious Conti ransomware operation. In at least three separate cryptocurrency transactions, Akira criminals appear to have sent the full amount of the ransom payment to Conti-affiliated addresses.

The overlap of cryptocurrency wallets indicates that the individual controlling the address or wallet has either splintered off from the original group, or is working with two different groups simultaneously.

How Akira operates

Akira commonly breaches systems by obtaining unauthorized access to the target organization’s VPNs, for example through a compromised username/password combination.

After sneaking in through an endpoint, Akira typically uses any of several methods to acquire permissions that enable lateral network movement.

These methods include orchestrating a mini-dump of the LSASS (Local Security Authority Subsystem Service) process memory, obtaining credentials stored in the Active Directory database and exploiting known vulnerabilities in backup software.

Advanced persistence mechanisms

Akira ordinarily deploys tools and techniques like Remote Desktop Protocol (RDP), Server Message Block (SMB), the Impacket module wmiexec, and a service manager tool known as nssm.exe, in order to gain persistence within systems.

As is the case among many cyber criminal groups, Akira also attempts to uninstall or disable security defenses, including anti-malware and network monitoring tools.

Beyond that, the group tends to use the runas command (a Windows command-line tool that allows scripts, apps, etc. to be executed with different user permissions from those of the currently logged-in user) in order to execute commands.

This, in turn, makes tracking hacker activities more difficult for defenders.

Akira and C2 mechanisms

Most ransomware attackers weaponize a command and control (C2) mechanism to execute activities. The C2 system establishes communication with and exerts control over a compromised machine or network.

The C2 server can potentially be used to manage the ransomware deployment and to initiate the encryption of data on targeted systems. For the purpose of establishing persistent remote access to multiple systems within the network, Akira seems to prefer AnyDesk.

Akira and data exfiltration

Akira uses a number of different tools when it comes to data exfiltration. These include WinRAR, WinSCP, rclone, and MEGA.

After data exfiltration, Akira demands a ransom from victims. In the event that the ransom goes unpaid, the group will leak stolen data on its TOR site, as previously mentioned.

Akira’s encryption tactic

To encrypt a given target’s data, Akira relies on a combination of AES and RSA algorithms. The group will also purge Windows Shadow Volume Copies from devices by running a PowerShell command. For victims, this massively complicates the process of independently restoring systems and recovering encrypted data.

Recommended means of preventing and defending against Akira’s ransomware

1. Address identity and access management.

Enhance access controls. Implement multi-factor authentication (MFA). Akira can gain initial access via unauthorized logins to VPNs through accounts that lack MFA. This seemingly simplistic safeguard can significantly limit the risk of unauthorized access.

2. Store credentials securely.

As noted earlier, Akira deploys a variety of tactics to obtain credentials. These tactics include execution of a mini-dump of the LSASS process memory, retrieving credentials stored in the Active Directory database and leveraging vulnerabilities in backup services.

To that effect, organizations need to take care when it comes to credential management. Credentials should be stored securely, and regularly updated. Backup services must also be appropriately secured.

3. Elevate your patch management protocol.

Akira commonly exploits vulnerabilities in VPN software. Thus, regular patching and updating of software can proactively prevent Akira attacks.

4. Monitor your network like a ninja.

Akira relies on built-in commands and tools to identify an environment’s systems and to learn about the status of target devices. Detect duplicitous behavior by monitoring for unusual network activity.

Your organization should also monitor for data exfiltration. Look for substantial data transfers and unusual network patterns.

5. Secure C2 channels.

Akira uses widely recognized dual-use agents, such as AnyDesk, to establish persistent remote access. Remain vigilant with regard to abnormal remote access activities and fortify Command and Control (C2) channels. This can be of tremendous assistance when it comes to thwarting potential attacks.

6. Secure remote desktop protocol.

Akira frequently employs Remote Desktop Protocol (RDP), using legitimate local administrator user accounts to facilitate lateral movement. Enhancing the security of RDP and staying vigilant for atypical RDP activity can be effective in preventing lateral movement.

7. Implement endpoint protection.

Akira usually attempts to uninstall endpoint protections as a means of evading detection. Deploying robust endpoint protection measures and consistently monitoring for efforts to disable or uninstall such safeguards can also assist with attack prevention and detection.
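
The monitoring advice in items 4 to 7 can be expressed as detection logic over process-creation logs. The following Python is an added example, not part of the original article: it flags the tools and behaviours named above and ranks each host by the combination seen, since each tool on its own is dual-use. The rule regexes, the priority scheme, and the event tuples (hosts, paths, accounts, command lines) are constructed assumptions.

```python
import re
from collections import defaultdict

# Behaviours come from the article; the regexes are this example's assumptions.
RULES = {
    "shadow_copy_purge": re.compile(r"powershell.*shadowcopy.*(remove|delete)", re.I),
    "service_persistence": re.compile(r"\bnssm\b", re.I),
    "remote_access_tool": re.compile(r"\banydesk\b", re.I),
    "exfil_tool": re.compile(r"\b(rclone|winscp|winrar|megasync)\b", re.I),
    "runas_execution": re.compile(r"\brunas(\.exe)?\s+/user:", re.I),
}

# Constructed process-creation events (host, image, command line); not real telemetry.
EVENTS = [
    ("FS01", r"C:\ProgramData\AnyDesk\AnyDesk.exe", r"AnyDesk.exe"),
    ("FS01", r"C:\Tools\rclone.exe", r"rclone.exe copy D:\Shares remote:archive"),
    ("FS01", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     r'powershell.exe -Command "Get-WmiObject Win32_Shadowcopy | Remove-WmiObject"'),
    ("WS07", r"C:\Program Files\WinRAR\WinRAR.exe", r"WinRAR.exe a docs.rar C:\Users\j.doe\Documents"),
    ("WS12", r"C:\Windows\System32\runas.exe", r"runas.exe /user:CORP\localadmin cmd.exe"),
    ("WS12", r"C:\Temp\nssm.exe", r"nssm.exe install UpdaterSvc C:\Temp\agent.exe"),
    ("WS03", r"C:\Windows\System32\notepad.exe", r"notepad.exe notes.txt"),
]

def classify(image, command_line):
    """Return the set of rule names matching one process-creation event."""
    text = f"{image} {command_line}"
    return {name for name, rx in RULES.items() if rx.search(text)}

def priority(categories):
    """Rank a host: one dual-use tool alone is weak evidence, combinations are not."""
    if "shadow_copy_purge" in categories:
        return "critical"
    if {"remote_access_tool", "exfil_tool"} <= categories:
        return "critical"
    return "high" if len(categories) >= 2 else "review"

def triage(events):
    """Group hits per host and return {host: (priority, sorted categories)}."""
    hits = defaultdict(set)
    for host, image, command_line in events:
        hits[host] |= classify(image, command_line)
    return {h: (priority(c), sorted(c)) for h, c in hits.items() if c}

if __name__ == "__main__":
    for host, (level, cats) in sorted(triage(EVENTS).items()):
        print(f"{host}: {level} {cats}")
```

In practice the event tuples would be fed from endpoint telemetry such as process-creation audit logs, and the tool list tuned against software the organization legitimately uses.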

Apex Legends Cover Story And Suicide Squad Impressions | GI Show

In this week’s episode of The Game Informer Show, former Game Informer editor Jay Guisao joins us to share exclusive details about Apex Legends Season 20: Breakout and discuss our time visiting Respawn Vancouver. Marcus and Kyle discuss the early hours of Suicide Squad: Kill The Justice League; Charles breaks down his Mario Vs. Donkey Kong preview, then we round out the show discussing Persona 3 Reload. 

Follow us on social media: Alex Van Aken (@itsVanAken), Jason Guisao (@Jason_Guisao), Marcus Stewart (@MarcusStewart7), Kyle Hilliard (@KyleMHilliard), Charles Harte (@Chuckduck365)

The Game Informer Show is a weekly gaming podcast covering the latest video game news, industry topics, exclusive reveals, and reviews. Join host Alex Van Aken every Thursday to chat about your favorite games – past and present – with Game Informer staff, developers, and special guests from around the industry. Listen on Apple Podcasts, Spotify, or your favorite podcast app.

The Game Informer Show – Podcast Timestamps:

00:00:00 – Intro

00:06:00 – Apex Legends Cover Story

00:49:20 – Suicide Squad: Kill the Justice League

01:13:04 – WWE 2K24 Preview

01:35:30 – Persona 3 Reload

01:50:39 – Mario vs. Donkey Kong

01:59:23 – Housekeeping

Mario vs. Donkey Kong Preview | All Things Nintendo

This week on All Things Nintendo, Brian is joined by Game Informer’s Charles Harte to preview Mario vs. Donkey Kong, the new Switch remake of the well-liked Game Boy Advance puzzle platformer. Before that, though, the two editors run down the latest news, and the show wraps up with an eShop Gem of the Week.

If you’d like to follow Brian on social media, you can do so on Instagram/Threads (@BrianPShea) or Twitter (@BrianPShea). You can also follow Charles on Twitter (@chuckduck365).

The All Things Nintendo podcast is a weekly show where we celebrate, discuss, and break down all the latest games, news, and announcements from the industry’s most recognizable name. Each week, Brian is joined by different guests to talk about what’s happening in the world of Nintendo. Along the way, they’ll share personal stories, uncover hidden gems in the eShop, and even look back on the classics we all grew up with. A new episode hits every Friday!

Be sure to subscribe to All Things Nintendo on your favorite podcast platform. The show is available on Apple Podcasts, Spotify, Google Podcasts, and YouTube.


00:00:00 – Introduction
00:01:11 – Universal’s Epic Universe Unveiled
00:16:08 – Dave the Diver Godzilla DLC
00:19:11 – Sonic x Shadow Generations
00:26:00 – Sonic Superstars Shadow Costume DLC
00:29:24 – Square Enix Says Final Fantasy VI Remake Unlikely
00:38:55 – Celeste 64: Fragments of the Mountain
00:43:08 – Mario vs. Donkey Kong Preview
00:57:53 – eShop Gem of the Week: Freedom Planet


If you’d like to get in touch with the All Things Nintendo podcast, you can do so by emailing AllThingsNintendo@GameInformer.com, messaging Brian on Instagram (@BrianPShea), or joining the official Game Informer Discord server. You can do that by linking your Discord account to your Twitch account and subscribing to the Game Informer Twitch channel. From there, find the All Things Nintendo channel under “Community Spaces.”


For Game Informer’s other podcast, be sure to check out The Game Informer Show with hosts Alex Van Aken, Marcus Stewart, and Kyle Hilliard, which covers the weekly happenings of the video game industry!

Who Will Protect Us from AI-Generated Disinformation?

Generative AI has gone from zero to a hundred in under a year. While early, it’s shown its potential to transform business. That we can all agree on. Where we diverge is on how to contain the dangers it poses.  To be clear, I am pro…

The 2024 Guide to Cognitive Conversational AI in Business

Incorporating cognitive conversational AI into modern business strategy is essential, especially in how it transforms customer experiences. This perspective is supported by a PwC survey of business and tech leaders. AI and cognitive technologies are reshaping customer engagement, moving customer experience beyond its traditional role to…

UPDATE: Jim Carrey Returns In Sonic The Hedgehog 3, New Cast Members Revealed

Update, 2/2: In addition to Jim Carrey’s comeback to Sonic the Hedgehog 3, IGN has revealed some of the film’s new cast members. We’ve listed the names below, though it’s currently unknown what roles they will have. 

  • Krysten Ritter (Jessica Jones, Breaking Bad)
  • Alyla Browne (Furiosa: A Mad Max Saga, The Lost Flowers of Alice Hart)
  • James Wolk (Mad Men, The Harley Quinn Show, Watchmen)
  • Sofia Pernas (NCIS, Blood & Treasure)
  • Cristo Fernández (Zorro, Ted Lasso)
  • Jorma Taccone (Spider-Man: Across the Spider-verse, Weird: The Al Yankovic Story)

Original Story: Sonic the Hedgehog 3 introduces Shadow as presumably a main antagonist, but it seems the ultimate lifeform will be sharing his limelight with Dr. Robotnik one more time. Variety reports that Jim Carrey is making a comeback in the upcoming third film.

Note: light Sonic the Hedgehog 2 spoilers ahead

Despite Dr. Robotnik seemingly meeting his demise at the end of Sonic the Hedgehog 2 and Carrey seeming pretty firm about retiring from acting after the film was released in 2022, a new teaser says otherwise. The official Sonic the Hedgehog movie Twitter account revealed a short promotional video, embedded below, unveiling Sonic 3’s logo (which is pretty much the Sonic Adventure 2 logo) featuring Carrey’s distinct Robotnik cackle at the end. The post’s message of “You all thought I was gone, but I’ve just been underground. What you’ve seen from me is only a shadow of things to come…” is also pretty telling.

Sonic the Hedgehog 3 hits theaters on December 20. Jeff Fowler once again sits in the director’s chair, and the returning cast includes Ben Schwartz (Sonic), James Marsden (Tom Wachowski), Colleen O’Shaughnessey (Tails), and Idris Elba (Knuckles). Shadow’s actor has yet to be revealed.

Before the third film arrives, a live-action spin-off series starring Knuckles is launching on Paramount+ sometime this year. As if 2024 wasn’t already looking good for Sonic, we recently learned that it’s the year of Shadow with the reveal of a new game, Sonic x Shadow Generations. Additionally, Sonic Superstars is getting a Shadow costume.

[Source: Variety]

I Still Don’t Know How I Feel About Suicide Squad After Five Hours

I am not reviewing Suicide Squad: Kill The Justice League for Game Informer (that privilege belongs to looter-shooter expert Matt Miller), and for that I am grateful. But it’s not because the game is terrible. It’s because even after five hours, I still have no idea how I feel about it.

There is a scene in The Dark Knight Rises that I always assumed would become a meme, but never did. When Anne Hathaway’s Selina Kyle gets stopped trying to escape at the airport by Joseph Gordon-Levitt’s John Blake, he asks her about Bruce Wayne’s fate. In a fantastic one-line performance, she looks into his eyes with genuine uncertainty and fear and says simply, “I’m not sure.” And that’s exactly how I feel when someone asks me what I think of Rocksteady’s Suicide Squad.

I am not a fan of the genre Suicide Squad is pursuing. I don’t like shooters where you perform similar actions (e.g., fight waves of enemies) over and over for slightly different results (e.g., gear with marginally different stats). The loop has just never appealed to me. I am, however, a massive fan of Rocksteady and its Arkham Games. Arkham Asylum, City, and Knight (and Origins, as well) are not just some of my favorite comic book games but some of my favorite games, period. I love the world Rocksteady created in those games, and in those not-frequent-enough moments when Suicide Squad remembers it is a sequel to Arkham Knight, I find myself getting wrapped up in learning what is going to happen next.

But even in those story and character moments that I have enjoyed, I am falling short of becoming fully invested. The premise of Amanda Waller and Batman’s worst-case scenario actually coming to exist – what if the members of the Justice League turned bad? – is interesting and sometimes scary. An early sequence where you, as the Suicide Squad, have to play on the opposite side of Batman’s stealth and fear-inducing hunt is a highlight. But the overall tone of the game sometimes makes it feel more like the uninspired arguments of comic book fans playing out their uninteresting fantasies of, “What if Superman killed civilians?”

But then, every few minutes, a joke will land with me, and I find myself appreciative of the tone. Captain Boomerang, for example, is the kind of confident idiot that always makes me laugh. We’ve had four self-serious, sometimes melodramatic Arkham games. Why not make room for something a little lighter? My opinion changes every five minutes.

In terms of gameplay, I have begun to find a rhythm in combat where I enjoy moving around a battlefield. Running up walls and swinging around as Harley recalls Insomniac’s Spider-Man in the right ways, but the shooting, while perfectly functional, gets repetitive quickly. I often avoid fights on my way to the next destination instead of engaging with them as a result. Much like the world and story, my opinion about actually playing changes every other fight. Sometimes, I feel like Tony Hawk skateboarding through Metropolis. Sometimes, I feel like Tony Hawk, the human person, checking his watch and avoiding traffic as he rushes to a meeting across town.

I am confused, but sometimes having fun. Does that make it a good and fun game? I’m not sure, to quote Selina Kyle again.

Of course, with all my uncertainty and my feelings going up and down as I play from moment to moment, there is one thing I know for sure: I am definitely, without question, enjoying it more than 2020’s Marvel’s Avengers.