Akira Ransomware is targeting Cisco AnyConnect to steal your credentials

Threat agents are using your VPN services to get into your system

Reading time icon 2 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

Cisco VPN logo next to Akira Ransomware logo featured on a gray background

Cybercriminals are using Akira ransomware to target the vulnerabilities of Cisco AnyConnect. Furthermore, with it, they are getting access to your network. Also, with Akira ransomware, they can gather your data and install malware or execute other potentially malicious activities.

What is Akira ransomware?

Akira ransomware is a new threat that leaks stolen data encrypts files on your system. In addition, threat actors can use it to steal your username and passwords. Also, this type of malware tries to prevent you from recovering files by deleting their copies from your system. On top of that, it spreads fast across your network.

Moreover, cybercriminals could request ransom to remove the Akira ransomware from your system. However, nobody guarantees that they won’t come back. After all, they might be targeting your sensitive data to sell it to another company.

The research by Truesec shows that one of the main entry points for Akira ransomware is, in fact, the Cisco Anyconnect SSL VPN. The malware exploits it by using the CVE-2020-3259 vulnerability. Unfortunately, if you used the VPN in the past, even if you updated it constantly, there might already be some security problems regarding your data.

If you think that your data might be at risk, the best thing to do is to change your passwords. In addition, you could get an anti malware application featuring a ransomware detector to get rid of Akira. Furthermore, you could start moving to another email using a new device. However, that’s a bit of a last resort method.

In a nutshell, if you’ve been using Cisco Anyconnect VPN, use anti-malware on your device to protect your data. Afterward, change your password. Also, know that the Akira ransomware doesn’t affect just the Cisco VPN. It could target multiple VPN applications. Thus, you might want to always use a different password for your accounts and a different account for your VPN services.

What do you think? Are you going to change your VPN? Let us know in the comments.

More about the topics: Cisco, Ransomware, VPN

User forum

0 messages