Stanford schooled in cybersecurity after Akira claims ransomware attack

Trending 1 month ago

Stanford University has confirmed it is "investigating a cybersecurity incident" aft an onslaught past week by nan Akira ransomware group.

Akira claimed nan onslaught connected Stanford connected October 27, saying it had stolen 430 GB worthy of information from nan renowned acquisition institution.

Other than nan measurement of information allegedly stolen by nan group, small is known astir nan incident. Akira said it has entree to "private information, confidential documents etc." but has different remained tight-lipped.

The Register contacted Akira for an update connected nan negotiations but had not received a consequence astatine nan clip of publication.

Stanford University's connection confirming nan news suggested nan onslaught was constricted to 1 strategy astatine its Department of Public Safety (SUDPS), nan on-campus constabulary department.

"The information and integrity of our accusation systems are apical priorities, and we activity continually to safeguard our network," it said. "We are continuing to analyse a cybersecurity incident astatine nan Stanford University Department of Public Safety (SUDPS) to find nan grade of what whitethorn person been impacted.

"Based connected our investigation to date, location is nary denotation that nan incident affected immoderate different portion of nan university, nor did it effect constabulary consequence to emergencies. The impacted SUDPS strategy has been secured.

"Our privateness and accusation information teams person been giving this matter their concerted attention, successful coordination pinch extracurricular specialists. The investigation is ongoing and erstwhile it is completed, we will enactment accordingly and beryllium capable to stock much accusation pinch nan community."

Ransomware groups person now claimed 3 attacks connected nan assemblage successful arsenic galore years, pinch Cl0p having posted Stanford for nan 2nd clip successful March this year, pursuing nan first attack successful 2021 done its discuss of Accellion FTA.

Akira uncovered

The Akira ransomware-as-a-service cognition has only been progressive since March but information experts reckon it has "highly knowledgeable and skilled operators astatine its helm."

  • DC elections agency warns full voting rotation whitethorn person been stolen
  • Europol knocks RagnarLocker offline successful 2nd awesome ransomware bust this year
  • Casino elephantine Caesars tells thousands: Yup, ransomware crooks stole your data
  • Ransomwared wellness insurer wasn't utilizing antivirus software

According to Trend Micro and Arctic Wolf, Akira is simply a caller ransomware strain that whitethorn beryllium tally by nan aforesaid group down nan Conti group, which was responsible for a slew of high-profile attacks including 1 that crippled nan Costa Rican government.

Conti itself is thought to person inherited members from nan Ryuk ransomware group, some believed to person links to Russia pinch nan second besides laying declare to a agelong database of high-profile attacks.

Experts who person analyzed Akira's codification said it differs wholly from nan group of nan aforesaid sanction that operated successful 2017, and bears a beardown resemblance to Conti pinch its drawstring obfuscation and record encryption.

A caller study from BHI Energy, which provides task guidance and staffing support to US power organizations, offered penetration into really an Akira ransomware onslaught plays out.

In that case [PDF], Akira utilized stolen VPN credentials of a third-party contractor to make nan first intrusion into BHI Energy's web and later execute soul reconnaissance utilizing nan aforesaid method.

Then, during a nine-day model successful June 2023, it stole a ample magnitude of information – 690 GB and 767,035 files – earlier deploying its ransomware payload, encrypting files connected a subset of systems.

Intelligence from different experts has shown that Akira's ransomware payload additionally runs a PowerShell book to region measurement protector copies and appends nan ".akira" hold to encrypted files. ®