Akira: Perhaps the next big thing in ransomware, says Tidal threat intelligence chief

Scott Small tells us gang's 'intent and capability' should get the attention of CSOs

Interview It might not be as big a name as BlackCat or LockBit, but the Akira ransomware is every bit as dangerous, says one cybersecurity researcher – and it's poised to make a big impact. 

Scott Small, director of cyber threat intelligence at Tidal Cyber, said that most of what Akira is doing is pretty routine for a cyber-crime gang. Regardless, Small warns not to underestimate the crew, who he said is "very much a skilled group." 

Youtube Video

While much of what it does is exploit well-known vulnerabilities, some of Akira's tactics are less common in the ransomware world, which makes it easier to spot and remediate if you know what you're looking for. For example, Akira relies on FTP to exfiltrate files, Small said, noting FTP isn't that common a tool for ransomware groups.

"Core cyber-hygiene mitigations can have a dramatic impact on reducing your risk against these attacks," Small said in an interview you can watch above. "But it does demonstrate again the creativity and the persistence of a lot of these groups."

It's also important to know that even if you run a modest-sized organization you may not be small enough to avoid Akira. "Adversaries may go after the low hanging vulnerable fruit and ancillary organizations and use that access to pivot into those primary target environments," Small said.

In other words, almost anyone and everyone is a target these days. So get those security updates installed as soon as is practically possible, but don't stop there - watch the rest of our interview above. ®

More about


Send us news

Other stories you might like