Akira Ransomware is targeting Cisco AnyConnect to steal your credentials

Threat agents are using your VPN services to get into your system

News

Reading time icon 2 min. read

Calendar icon Published on

by Sebastian Filipoiu 

published on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Cisco VPN logo next to Akira Ransomware logo featured on a gray background

Cybercriminals are using Akira ransomware to target the vulnerabilities of Cisco AnyConnect. Furthermore, with it, they are getting access to your network. Also, with Akira ransomware, they can gather your data and install malware or execute other potentially malicious activities.

What is Akira ransomware?

Akira ransomware is a new threat that leaks stolen data encrypts files on your system. In addition, threat actors can use it to steal your username and passwords. Also, this type of malware tries to prevent you from recovering files by deleting their copies from your system. On top of that, it spreads fast across your network.

Moreover, cybercriminals could request ransom to remove the Akira ransomware from your system. However, nobody guarantees that they won’t come back. After all, they might be targeting your sensitive data to sell it to another company.

The research by Truesec shows that one of the main entry points for Akira ransomware is, in fact, the Cisco Anyconnect SSL VPN. The malware exploits it by using the CVE-2020-3259 vulnerability. Unfortunately, if you used the VPN in the past, even if you updated it constantly, there might already be some security problems regarding your data.

If you think that your data might be at risk, the best thing to do is to change your passwords. In addition, you could get an anti malware application featuring a ransomware detector to get rid of Akira. Furthermore, you could start moving to another email using a new device. However, that’s a bit of a last resort method.

In a nutshell, if you’ve been using Cisco Anyconnect VPN, use anti-malware on your device to protect your data. Afterward, change your password. Also, know that the Akira ransomware doesn’t affect just the Cisco VPN. It could target multiple VPN applications. Thus, you might want to always use a different password for your accounts and a different account for your VPN services.

What do you think? Are you going to change your VPN? Let us know in the comments.

More about the topics: Cisco, Ransomware, VPN

Sebastian Filipoiu

Sebastian Filipoiu Shield

Sebastian is a content writer with a desire to learn everything new about AI and gaming. So, he spends his time writing prompts on various LLMs to understand them better. Additionally, Sebastian has experience fixing performance-related problems in video games and knows his way around Windows. Also, he is interested in anything related to quantum technology and becomes a research freak when he wants to learn more.