Security Researchers Identify Rapid Ransomware Attacks by Akira Group
Security researchers have identified a significant increase in the speed of ransomware attacks, with the Akira group completing all stages of an attack in under an hour. According to a report by Halcyon, Akira gains initial access by exploiting vulnerabilities in internet-facing VPN appliances and backup solutions, particularly those without multi-factor authentication. The group employs various methods such as credential theft, spearphishing, and the use of initial access brokers. Once access is gained, Akira exfiltrates data before encryption, following a double-extortion model. The group is noted for its stealthy operations, using tools like FileZilla and WinRAR for data staging and encryption. Akira's rapid attack lifecycle and disciplined operational tempo have allowed it to generate significant revenue since its emergence in March 2023.