The ransomware cyber gang known as the Akira group has a history of disrupting systems across various sectors and has been identified as the culprit behind the cyberattack on Bucks County’s computer-aided dispatch (CAD) system.
The system is essential for police departments, fire departments, and emergency medical squads.
Despite partial restoration, the Bucks County CAD system was still not fully operational as of Tuesday. The attack started on January 21.
The 9-1-1 and radio dispatch services continued to function throughout the attack.
The Akira group, which operates a Ransomware-as-a-Service (RaaS) model, has been active since March 2023 and targets a wide range of sectors including finance, government, real estate, manufacturing, and health care, according to reports.
The U.S. federal government has acknowledged the impact of the Akira group, noting that dozens of businesses and organizations have fallen victim to its ransomware attacks since March of last year.
Sophos, a cyber security research company, highlighted that Akira commonly gains access through VPNs without multi-factor authentication (MFA), specifically targeting Windows and Linux systems and often exploiting Cisco products.
Details regarding whether a ransom was paid by Bucks County in response to the attack have not been disclosed.
The Bucks County attack has drawn the attention of federal law enforcement and led to an investigation.
The county has been assisted by the Pennsylvania National Guard and various state and federal agencies as they recover from the attack.
Recent reports suggest that Akira’s strategy may not always involve immediate ransom encryption but rather data extortion.
The U.S. Department of Health and Human Services warned last September that ransom demands from the group range between $200,000 to $4 million.
The group’s activities have also been linked to significant disruptions, including an attack on Finnish IT services provider Tietoevry in January.
Advisories and warnings have been issued by various organizations, including the New Jersey Cybersecurity and Communications Integration Cell and cyberattack incident response firm Unit 42, which noted potential connections between Akira and the notorious Conti cyberattack group that is believed to be based in Russia.
With Akira responsible for about 12 percent of January 2024’s ransomware incidents, according to a report by cyber security firm BlackFog, its activity ranks among the most significant worldwide.
The extent of the damage to Bucks County’s systems has yet to be fully disclosed.
Federal authorities have long warned of the escalating threat of ransomware attacks on both public and private entities.
“As ransomware attacks continue to rise around the world, businesses and other organizations must prioritize their cybersecurity,” U.S. Department of Homeland Security Secretary Alejandro Mayorkas said in 2021. “Cyber criminals have targeted critical infrastructure, small businesses, hospitals, police departments, schools and more. These attacks directly impact Americans’ daily lives and the security of our nation.”
The Cybersecurity and Infrastructure Security Agency (CISA) has advised businesses and organization to prepare for ransomware attacks and look at ways to mitigate damage. There is a resource page on the CISA website.