The Akira ransomware group claims on its dark web leak site to have compromised data from Panasonic Australia. Shortly after that announcement, Singapore authorities issued an advisory advising affected companies to not heed the ransomware group’s demands, in response to local law firm Shook Lin & Bok confirming that it had been struck by the group.
Panasonic Australia is a regional subsidiary of Panasonic Holdings Corporation headquartered in Japan. It manufactures electronic equipment and devices such as cameras, home equipment, sound equipment, personal care devices, power tools, and air conditioning.
The Akira ransomware group has previously targeted several high-profile organizations while netting millions in ransom payments from affected victims.
Akira Ransomware Group Attack on Panasonic Australia
The ransomware group alleged that it had exfiltrated sensitive project information and business agreements from the electronics manufacturer Panasonic Australia. No sample documents were posted to verify the authenticity of the breach claims.
The potential impact of the breach on Panasonic Australia is unknown but could present a serious liability for the confidentiality of the company’s stolen documents.
Cyber Security Agency of Singapore Issues Advisory
Singapore’s Cyber Security Agency (CSA) along with the country’s Personal Data Protection Commission (PDPC) issued an advisory to organizations instructing them to report Akira ransomware attacks to respective authorities rather than paying ransom demands.
The advisory was released shortly after an Akira ransomware group attack on the Shook Lin & Bok law firm. While the firm still continued to operate as normal, it had reportedly paid a ransom of US$1.4 million in Bitcoin to the group. The Akira ransomware group had demanded a ransom of US$2 million from the law firm earlier, which was then negotiated down after a week, according to the SuspectFile article.
The Cyber Security Agency of Singapore (CSA) stated that it was aware of the incident and offered assistance to the law firm. However, it cautioned against similar payments from other affected victims.
“Paying the ransom does not guarantee that the data will be decrypted or that threat actors will not publish your data,” the agency stated. “Furthermore, threat actors may see your organisation as a soft target and strike again in the future. This may also encourage them to continue their criminal activities and target more victims.”
The Singaporean authorities offered a number of recommendations to organizations:
- Enforce strong password policies with at least 12 characters, using a mix of upper and lower case letters, numbers, and special characters.
- Implement multi-factor authentication for all internet-facing services, such as VPNs and critical system accounts.
- Use reputable antivirus or anti-malware software to detect ransomware through real-time monitoring of system processes, network traffic, and file activity. Configure the software to block suspicious files, prevent unauthorized remote connections, and restrict access to sensitive files.
- Periodically scan systems and networks for vulnerabilities and apply the latest security patches promptly, especially for critical functions.
- Migrate from unsupported applications to newer alternatives.
- Segregate networks to control traffic flow between sub-networks to limit ransomware spread. Monitor logs for suspicious activities and carry out remediation measures as needed.
- Conduct routine backups following the 3-2-1 rule: keep three copies of backups, store them in two different media formats, and store one set off-site.
- Conduct incident response exercises and develop business continuity plans to improve readiness for ransomware attacks.
- Retain only essential data and minimize the collection of personal data to reduce the impact of data breaches.
“Organisations should periodically scan their systems and networks for vulnerabilities and regularly update all operating systems, applications, and software by applying the latest security patches promptly, especially for functions critical to the business,” the police, CSA and PDPC said in a joint statement.
The criminal group had previously also come under the attention of various other governments and security agencies, with the FBI and CISA releasing a joint cybersecurity advisory as part of the #StopRansomware effort.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.