Akira Ransomware Cripples Emergency Dispatch System

Los Alamos
For the Los Alamos Daily Post

In case of emergency, we all know to call 911, but what if something happens to the software utilized by emergency response departments across America?

In today’s world, emergency responders use software called Computer Aided Dispatch, known as “CAD” systems, to help them automate the response to emergencies: it prioritizes and records calls, identifies the status and location of responders in the field, provides access to law enforcement databases, and dispatches responder personnel effectively. Without this software suite, 911 calls can still be responded to, just not as effectively, using phone and radio only.

Unfortunately for Bucks County, a region just north of Philadelphia with a population of 650,000, this is exactly what happened last week when a cyber attack crippled its CAD system. The county has been able to respond to emergencies via phone and radio, but its CAD system remains down. There is no projected timeframe for when the CAD system will be back online.

According to Bucks County officials, the ransomware group “Akira” is likely the group responsible for the attack on their CAD emergency dispatch system. See linked report from Sophos here.

Per local news reports, “The County has shared with its local, state and federal partners that the ransomware “Akira” is involved so that they can have situational awareness and review their own systems,” the county stated in an official announcement last week.

Akira is a Ransomware-as-a-Service (RaaS) group that started operations in March 2023. The group has targeted multiple sectors including finance, real estate, manufacturing and healthcare, and typically demands a ransom payment.

According to reports by Sophos, a cyber security research company, the most common mode of initial access used by Akira ransomware actors was unauthorized logon to VPNs by accounts lacking multi-factor authentication (MFA). Sophos observed Akira actors specifically targeting Cisco VPN products without MFA enabled, such as Cisco ASA SSL VPN or Cisco AnyConnect. They have also been known to target Cisco vulnerabilities in the VPN software itself.

Interestingly, in some cases Akira did not deploy encryption immediately but prioritized exfiltration of data, presumably to extort victims with the threat of a data breach; exfiltrating first means the data is already gone before any ransomware defenses that trigger on the encryption step of the attack have a chance to act. Tactics for this threat group continue to evolve and bear watching.

How can businesses and governments prevent this kind of attack? By making sure that computer systems are kept up to date on patching, utilizing MFA as much as possible to lock down accounts, and having a good vulnerability management program in place.
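One defensive check that follows from the Sophos finding above (password-only VPN logons) and the MFA advice in this paragraph, added here as an example and not code from the article or from Sophos: a small Python audit over a constructed VPN login log in a hypothetical key=value format (not the syslog format of any real VPN product) that flags successful logons completed without MFA, and sources where a password-only failure was followed by a password-only success.

```python
import re

# Constructed sample of VPN authentication events in a hypothetical
# key=value format (not the syslog format of any real VPN product).
SAMPLE_LOG = """\
2024-01-18T02:14:07Z vpn-login user=jsmith src=203.0.113.5 result=success mfa=yes
2024-01-18T02:16:51Z vpn-login user=svc_backup src=198.51.100.9 result=success mfa=no
2024-01-18T02:17:02Z vpn-login user=admin src=198.51.100.9 result=failure mfa=no
2024-01-18T02:17:40Z vpn-login user=admin src=198.51.100.9 result=success mfa=no
2024-01-18T09:30:12Z vpn-login user=mlee src=192.0.2.77 result=success mfa=yes
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) vpn-login user=(?P<user>\S+) src=(?P<src>\S+) "
    r"result=(?P<result>success|failure) mfa=(?P<mfa>yes|no)$"
)

def parse_events(text: str) -> list[dict]:
    """Parse key=value lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"ts": m["ts"], "user": m["user"], "src": m["src"],
                           "success": m["result"] == "success",
                           "mfa": m["mfa"] == "yes"})
    return sorted(events, key=lambda e: e["ts"])

def logins_without_mfa(events: list[dict]) -> list[tuple[str, str]]:
    """(user, src) pairs that completed a VPN logon with a password alone."""
    return [(e["user"], e["src"]) for e in events if e["success"] and not e["mfa"]]

def failed_then_succeeded(events: list[dict]) -> dict[str, list[str]]:
    """Sources with a failed password-only attempt followed by a password-only
    success, keyed by source address: a guessed or leaked credential pattern."""
    failed_from: set[str] = set()
    hits: dict[str, list[str]] = {}
    for e in events:
        if e["mfa"]:
            continue
        if not e["success"]:
            failed_from.add(e["src"])
        elif e["src"] in failed_from:
            hits.setdefault(e["src"], []).append(e["user"])
    return hits
```

On the sample, `logins_without_mfa` reports the svc_backup and admin logons and `failed_then_succeeded` singles out 198.51.100.9, which is the kind of account and source an MFA rollout and a vulnerability management review should look at first.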

Home users can follow the same practices to avoid cyber attacks that leverage vulnerabilities and lack of MFA.

All of your accounts that offer it should be protected with MFA; if they are not, you are leaving yourself open to attack. Any form of MFA protection, whether via text message, physical token, or app authenticator, will work.

To keep your systems up to date, simplify things by opting in for automatic updates to make sure your systems are receiving the latest patches. If you don’t automate, make sure you are paying attention and applying all necessary patches. Patch, patch, patch your systems and protect yourself from cyber attacks!
