Singaporean authorities have issued a stern advisory against paying ransoms to Akira ransomware attackers, urging businesses to report incidents immediately. The alert comes in response to a surge in attacks by the notorious ransomware group that has previously extorted millions globally.
Singapore’s businesses are facing a new and formidable threat as the Akira ransomware, responsible for stealing $42 million from over 250 organizations across North America, Europe, and Australia, shifts its focus to the city-state. In response, Singaporean authorities, including the Cyber Security Agency of Singapore (CSA), the Singapore Police Force, and the Personal Data Protection Commission, have issued a joint advisory alerting local businesses to the rising threat.
The advisory comes on the heels of several complaints received by these agencies from victims of recent cyberattacks. The Akira ransomware variant, known for its ability to cripple businesses by hijacking their computer systems and demanding ransom payments in cryptocurrencies like Bitcoin, is now actively targeting businesses in Singapore.
The Nature of Akira Ransomware
Akira ransomware has a notorious reputation for its effectiveness and ruthlessness. Prior investigations by the United States Federal Bureau of Investigation (FBI) revealed that Akira primarily targets businesses and critical infrastructure entities. Once a system is compromised, Akira encrypts the victim’s data, rendering it inaccessible, and leaves a ransom note demanding payment in exchange for a decryption key.
One of the unique aspects of Akira is that its operators never initiate contact with their victims. Instead, they expect the victims to reach out to them, which puts psychological pressure on businesses to pay the ransom in hopes of restoring their operations quickly.
Singapore’s Stance on Ransom Payments
The Singaporean authorities have taken a firm stance against paying ransoms. Their advisory clearly states:
“If your organization’s systems have been compromised with ransomware, we do not recommend paying the ransom and advise you to report the incident immediately to the authorities. Paying the ransom does not guarantee that the data will be decrypted or that threat actors will not publish your data.”
This recommendation is based on the understanding that paying the ransom not only fails to ensure data recovery but also emboldens cybercriminals to continue their activities. Additionally, there is a significant risk that malicious entities may target the same victim again, expecting more ransom payments.
Recommended Threat Mitigation Techniques
To combat the threat of Akira ransomware, the advisory outlines several key mitigation strategies that businesses should implement:
Implement a Recovery Plan: Develop and maintain a comprehensive recovery plan to ensure that data can be restored from backups in the event of an attack.
Multifactor Authentication: Enforce multifactor authentication across all systems to add an additional layer of security.
Network Traffic Filtering: Use firewalls and intrusion detection/prevention systems to filter and monitor network traffic for suspicious activity.
Disable Unused Ports and Hyperlinks: Ensure that unused ports are disabled and scrutinize all hyperlinks to prevent unauthorized access.
System-Wide Encryption: Encrypt all sensitive data to protect it from unauthorized access even if a system is compromised.
Global Context and Related Cyber Threats
The advisory from Singaporean authorities is part of a broader trend of increasing ransomware attacks globally. According to a recent report by cybersecurity firm Kaspersky, North Korean hackers have been targeting South Korean crypto businesses using malware known as Durian. This malware has comprehensive backdoor functionality, enabling the execution of commands, downloading of additional files, and exfiltration of data.
Moreover, Kaspersky identified the use of LazyLoad malware by Andariel, a subgroup within the infamous North Korean hacking consortium Lazarus Group. This suggests a possible connection between different hacking entities within North Korea, further highlighting the sophisticated nature of contemporary cyber threats.
Conclusion
As Singapore grapples with the rising threat of Akira ransomware, businesses are urged to remain vigilant and proactive in their cybersecurity measures. The joint advisory from the CSA, Singapore Police Force, and the Personal Data Protection Commission serves as a critical reminder of the importance of not succumbing to ransom demands and instead reporting incidents to the authorities immediately. By implementing recommended mitigation techniques and maintaining robust cybersecurity protocols, businesses can better protect themselves against the growing menace of ransomware attacks.
(ARIJIT SARKAR, COINTELEGRAPH, 2024)