The Health Sector Cybersecurity Coordination Center is warning about a ransomware gang, Akira, that is posing a new threat to the healthcare industry.
Akira, which emerged in May 2023, has claimed 81 victims and operates as a ransomware-as-a-service group, according to a Feb. 7 news release from the HC3. Research suggests the group has ties to the now-defunct Conti ransomware group, which was also known for targeting the healthcare industry.
Akira primarily relies on ransomware operations and is known for collaborating with fellow cybercriminals for specific attacks and distributing the extorted fees.
Additionally, the group engages in double extortion by stealing sensitive data, deploying ransomware and imposing two separate fees. The initial fee is for restoring the encrypted systems, while the second fee guarantees the nondisclosure of stolen data.
Akira relies on credential compromise as an infection vector to grant them initial access to their target networks. The group also manages a leak site, where they publicly disclose information about their victims.