The Health Sector Cybersecurity Coordination Center (HC3) recently warned the health care sector about the Akira ransomware group that has been hitting health care organizations since May of 2023. In an Analyst Note dated February 7, 2024, HC3 stated that although Akira is a relatively new ransomware group, it has attacked at least 81 organizations in its short life, and “U.S. healthcare organizations are advised to follow the steps in this alert to minimize their risk of attack.”
Akira uses double extortion strategies to maximize its profits and operates a leak site to assert additional pressure on its victims. The most recent tactics, techniques, and procedures used by Akira are outlined in the Alert. HC3 surmises that Akira has some relationship with another well-known ransomware group, Conti, through an analysis of shared financial infrastructure for payments through cryptocurrency wallets.
HC3 provides defense and mitigation recommendations, and healthcare organizations may wish to review these following the warning.