The SOC Labs

Nissan Cyber Attack Claimed by Akira Ransomware Group, Allegedly Stolen 100 GB of Data

Nissan Cyber Attack By Akira Ransomware

The Akira ransomware group claimed responsibility for a cyber attack on Nissan Australia and New Zealand. In the Nissan cyber attack, the ransomware group claimed to have stolen 100 GB of data and demanded a ransom.

In December 2023, Nissan Motor Corporation and Nissan Financial Services in Australia and New Zealand announced that their internal systems were hacked. They said that an ‘unauthorised third party’ had ‘illegally accessed some of its network systems’ in Australia and New Zealand and that the company was ‘working to understand the full extent’ of the breach.

Figure: Akira Ransomware Note on Nissan Cyber Attack | Figure Source: SecurityWeek.com

Cyber security agencies in Australia and New Zealand have been alerted to this, as have privacy regulators and police. Nissan won’t pay the ransom, and the attackers say they’ll splash the stolen data on the internet in the next few days.

Nissan is not the only carmaker hit hard by cyberattacks in recent months. After a ransomware attack, Toyota Germany recently informed customers that personal information had been stolen in a data breach.

What is Akira Ransomware?

Akira ransomware is a malicious software program that targets computer systems and encrypts files, rendering them inaccessible. Once the files are encrypted, victims are prompted to pay a ransom in exchange for the decryption key, which can restore access to them. Encrypted files usually carry the [.]akira extension. Akira is gaining popularity due to its double extortion tactics, its ransomware-as-a-service (RaaS) distribution model, and its unique payment methods. The United States is the country most targeted by the Akira ransomware group, followed by Canada and the United Kingdom. The Akira ransomware group, one of the trending gangs, has taken credit for the Nissan attack, claiming to have seized 100 GB of information, including corporate files and employees’ personal information.

Figure: The 10 countries most targeted by the Akira ransomware group | Figure Source: TrendMicro

Figure: Number of published victims on Akira’s blog, the cutoff date for November is the 20th | Source: Trellix

How Does an Akira Ransomware Attack Take Place?

Figure: The typical Akira ransomware infection chain | Figure Source: TrendMicro

Akira ransomware operators usually gain access to victim environments with credentials obtained from their affiliates or from other attacks. The attack is then carried out with the help of tools such as PCHunter, AdFind, PowerTool, Terminator, Advanced IP Scanner, Windows Remote Desktop Protocol (RDP), AnyDesk, Radmin, WinRAR, and Cloudflare’s tunneling tool.
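A defender's triage of the indicators named above, as an added example that is not part of the original article: it scans process-start and file-write events for the listed tools and for files written with the .akira extension, and ranks hosts for review. The log format, host names, name-fragment patterns, one-hour window, threshold and level labels are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Tools named in the article. Matching on a name fragment is an assumption:
# binaries can be renamed and most of these tools have legitimate uses.
TOOL_PATTERNS = {
    "PCHunter": "pchunter", "AdFind": "adfind", "PowerTool": "powertool",
    "Terminator": "terminator", "Advanced IP Scanner": "advanced[_ ]ip[_ ]scanner",
    "AnyDesk": "anydesk", "Radmin": "radmin", "WinRAR": "winrar",
    "cloudflared": "cloudflared"}

# Constructed sample events: "<ISO time> <host> <PROC|FILE> <path>".
SAMPLE_LOG = r"""
2024-01-10T01:02:11 WS-014 PROC C:\Windows\System32\svchost.exe
2024-01-10T01:05:40 WS-014 PROC C:\Users\Public\AdFind.exe
2024-01-10T01:20:03 WS-014 PROC C:\ProgramData\advanced_ip_scanner.exe
2024-01-10T01:41:55 WS-014 PROC C:\ProgramData\cloudflared.exe
2024-01-10T03:10:00 FS-02 FILE D:\Shares\Finance\q3.xlsx.akira
2024-01-10T03:10:01 FS-02 FILE D:\Shares\Finance\q4.xlsx.akira
2024-01-10T03:10:01 FS-02 FILE D:\Shares\HR\staff.docx.akira
2024-01-10T09:15:00 WS-031 PROC C:\Program Files\AnyDesk\AnyDesk.exe
"""

def triage(log_text, window=timedelta(hours=1), file_threshold=3):
    """Return {host: finding} from process-start and file-write events."""
    tools, encrypted = defaultdict(list), defaultdict(int)
    for line in log_text.strip().splitlines():
        ts, host, kind, path = line.split(maxsplit=3)
        if kind == "FILE" and path.lower().endswith(".akira"):
            encrypted[host] += 1
        elif kind == "PROC":
            for tool, pattern in TOOL_PATTERNS.items():
                if re.search(pattern, path, re.IGNORECASE):
                    tools[host].append((datetime.fromisoformat(ts), tool))
    findings = {}
    for host in set(tools) | set(encrypted):
        hits, best = sorted(tools[host]), set()
        for i, (start, _) in enumerate(hits):
            # Distinct tools started within `window` of this hit.
            seen = {tool for when, tool in hits[i:] if when - start <= window}
            best = max(best, seen, key=len)
        level = ("encryption-in-progress" if encrypted[host] >= file_threshold
                 else "multiple-tools" if len(best) >= 2 else "review")
        findings[host] = {"level": level, "tools": sorted(best),
                          "akira_files": encrypted[host]}
    return findings

print(triage(SAMPLE_LOG))
```

A single remote-access or archiving tool on its own only rates "review" here, because these programs are common in normal administration; the signal is several of them appearing together on one host, or files being written with the ransomware's extension.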

Figure: The Akira Ransomware Leak Site | Source: Trellix

MITRE ATT&CK Techniques

According to the researchers at Trellix, below are the relevant MITRE ATT&CK Techniques for the Akira ransomware.

T1003.001: OS Credential Dumping: LSASS Memory
T1048: Exfiltration Over Alternative Protocol
T1021.001: Remote Services: Remote Desktop Protocol
T1059.001: Command and Scripting Interpreter: PowerShell
T1106: Native API
T1190: Exploit Public-Facing Application
T1486: Data Encrypted for Impact
T1490: Inhibit System Recovery
T1566: Phishing
T1584: Compromise Infrastructure

The Akira ransomware operation, which has been linked to the notorious Conti group, emerged in March. So far, Akira has targeted approximately 180 organizations, most of them in the United States.

Cyber attacks are on the rise, and the healthcare industry, not just auto manufacturing, is under tremendous pressure from them.


Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The SOC Labs assumes no liability for the accuracy or consequences of using this information.
