January 11, 2024 at 10:16AM
NCSC-FI warns of increased Akira ransomware attacks in December, targeting Finnish companies and wiping backups. The attacks exploited a vulnerability in Cisco VPNs, allowing unauthorized access to networks. The agency advises switching to offline backups and updating Cisco ASA and FTD to prevent further attacks. They emphasize the need for multiple backups spread across different locations to protect data.
It seems that the Finish National Cybersecurity Center (NCSC-FI) has reported an increase in Akira ransomware activity, targeting companies in Finland. The attackers have been specifically targeting and wiping backups, which exacerbates the damage of the attacks. The organization suggests that companies switch to using offline backups and follow the 3-2-1 rule for the most critical backups. They also highlight the importance of using multi-factor authentication to protect against brute force attacks. Additionally, it’s recommended for organizations to upgrade to the latest versions of Cisco ASA and FTD to avoid exploitation of the CVE-2023-20269 vulnerability.