Singapore Warns Businesses of Bitcoin Ransomware Risk

Singapore police warned businesses against bitcoin ransomware in case of a compromise and asked them to report the incident to authorities immediately.

Akira, the ransomware that inflicted $42 million in losses on more than 250 organizations in North America, Europe, and Australia within a year, is currently focusing on businesses in Singapore.

A joint advisory was issued by Singaporean authorities to warn local businesses of the increasing threat posed by an Akira ransomware variant.

After receiving numerous complaints from victims of the cyberattack, the Cyber Security Agency of Singapore (CSA), the Singapore Police Force (SPF), and the Personal Data Protection Commission (PDPC) have issued an alert.

Primary targets of Akira ransomware

According to prior investigations by the United States Federal Bureau of Investigation (FBI), Akira ransomware has been targeting enterprises and critical infrastructure entities.

Singaporean authorities provided strategies for detecting, preventing, and neutralizing Akira attacks. It is recommended that businesses that have been compromised refrain from paying the assailants’ ransom.

Refrain from paying the ransom

To regain control of their internal data and computer systems, Akira members request payments in cryptocurrencies, such as Bitcoin. Nevertheless, Singaporean authorities have asked businesses to refrain from processing payments.

“If your organization’s systems have been compromised with ransomware, we do not recommend paying the ransom and advise you to report the incident immediately to the authorities. Paying the ransom does not guarantee that the data will be decrypted or that threat actors will not publish your data.”

Furthermore, malicious entities may attempt to launch an additional attack to secure additional ransom. The FBI discovered that Akira does not communicate with the victims and anticipates that they will contact her.

The recommended threat mitigation strategies are implementing a recovery plan and multifactor authentication (MFA), restricting network traffic, turning off unused ports and hyperlinks, and implementing system-wide encryption.

Kaspersky, a cybersecurity firm, recently discovered that North Korean hackers employed Durian malware to target South Korean crypto businesses.

“Durian has a comprehensive backdoor functionality that allows for the execution of commands, the downloading of additional files, and the exfiltration of files,” Kaspersky explained.

Furthermore, Kaspersky observed that Andariel, a sub-group within the Lazarus Group, also employed LazyLoad. This North Korean hacking consortium implies a “tenuous” connection between Kimsuky and the more notorious hacking group.