We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Akira Ransomware Exploits Cisco VPNs in Attacks

By Zane Kennedy, Former Cybersecurity Researcher. Published on 29th August 2023.

The cybersecurity community is sounding alarms, as a recently identified ransomware named Akira continues to exploit Cisco VPN products and use them as an attack vector. Launched in March 2023, Akira has quickly established itself as a formidable threat.

Akira has already gained notoriety for compromising organizations across multiple industries, including education, finance, real estate, healthcare, and manufacturing. Several reports show that Akira has been successfully breaching these networks via compromised Cisco VPN accounts. Once inside, the threat actors may exfiltrate sensitive data and then deploy their ransomware.

Security firm Sophos highlighted incidents in May 2023 in which Akira accessed target networks by compromising VPN accounts that relied on single-factor authentication. Because logging wasn't configured on the Cisco ASA in these attacks, it is difficult to say definitively how Akira got the credentials for these VPN accounts. Some speculate brute-forcing, while others suspect the credentials might have been bought on the dark web.

SentinelOne, a cybersecurity firm, also raised with BleepingComputer the possibility of a zero-day vulnerability in the Cisco VPN software. This potential flaw might allow hackers to bypass authentication in cases where MFA is absent.

In late June 2023, there was brief relief when Avast, a security solutions provider, released a free decryptor for Akira ransomware. This tool promised victims a way out without paying ransoms. However, the respite was short-lived: the Akira operators swiftly patched their encryptors, rendering Avast's solution ineffective for newer versions.

Mike Newman, CEO of My1Login, emphasized the gravity of the situation to Hackread.com: "With VPNs providing a direct tunnel into an enterprise’s network, this access should never fall into the hands of malicious actors." He strongly advocates two-factor authentication and discourages password reuse, underlining the importance of these measures in the face of evolving threats like Akira.

In light of the escalating threat, Cisco has advised all its customers to implement MFA. It also recommends setting up logging and forwarding the log data to remote syslog servers, which helps with auditing security incidents if they occur.
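As an added example (not from the article or from Cisco), the sketch below shows the kind of review that remote syslog data makes possible: it scans ASA AAA messages for one source IP failing against several usernames and for a successful login that follows repeated rejections. It assumes the ASA message IDs 113005/113015 (authentication rejected) and 113004 (authentication successful); the log lines, hostnames, addresses, usernames and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the shape of Cisco ASA AAA syslog messages.
SAMPLE_LOG = """\
Aug 29 10:00:01 asa1 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = alice : user IP = 203.0.113.7
Aug 29 10:00:02 asa1 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = bob : user IP = 203.0.113.7
Aug 29 10:00:03 asa1 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = carol : user IP = 203.0.113.7
Aug 29 10:05:10 asa1 %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = dave : user IP = 198.51.100.9
Aug 29 10:05:12 asa1 %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = dave : user IP = 198.51.100.9
Aug 29 10:05:14 asa1 %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = dave : user IP = 198.51.100.9
Aug 29 10:05:20 asa1 %ASA-6-113004: AAA user authentication Successful : server = 10.0.0.5 : user = dave
Aug 29 10:07:00 asa1 %ASA-6-113004: AAA user authentication Successful : server = 10.0.0.5 : user = erin
Aug 29 10:08:00 asa1 %ASA-6-302013: Built inbound TCP connection (unrelated line)
"""

LINE_RE = re.compile(
    r"%ASA-\d-(?:113004|113005|113015): AAA user authentication "
    r"(?P<result>Rejected|Successful) : .*?user = (?P<user>\S+)"
    r"(?: : user IP = (?P<ip>\S+))?"
)

def analyze(log_text, ip_threshold=3, user_threshold=3):
    """Return source IPs failing against many users, and users whose
    successful login follows at least user_threshold rejections."""
    users_failed_by_ip = defaultdict(set)  # source IP -> usernames rejected
    rejections = defaultdict(int)          # username -> rejections so far
    success_after_failures = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an AAA authentication message
        user, ip = m["user"], m["ip"]
        if m["result"] == "Rejected":
            rejections[user] += 1
            if ip:
                users_failed_by_ip[ip].add(user)
        else:
            if rejections[user] >= user_threshold:
                success_after_failures.append(user)
            rejections[user] = 0  # start counting afresh after a success
    spray_ips = {ip: sorted(users) for ip, users in users_failed_by_ip.items()
                 if len(users) >= ip_threshold}
    return {"spray_ips": spray_ips,
            "success_after_failures": success_after_failures}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```
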

With Akira's evident widespread reach, businesses must remain vigilant, reinforcing their cybersecurity strategies and keeping their guard up against this emerging threat.

About the Author

Zane was a Cybersecurity Researcher and Writer at vpnMentor. His extensive experience in the tech and cybersecurity industries provided readers with accurate and trustworthy news stories and articles. He aimed to help individuals protect themselves through informative content and awareness of cybersecurity's crucial role in today's digital landscape.
