BSidesCharm2025

A Tale of Two Incidents: Responding to Akira Ransomware
2025-04-13, Track 2

Akira, one of the most prolific RaaS groups today, is responsible for millions in ransom payments and has proven to be a formidable opponent. Also tracked as PUNK SPIDER, they specialize in compromising edge devices, encrypting hypervisors, and extorting victims. Join us for an investigation of two PUNK SPIDER intrusions and gain insight into the life of an incident response consultant.


Akira, also tracked as PUNK SPIDER, is one of the most widespread and successful Ransomware-as-a-Service (RaaS) operators currently active. Akira is a Big Game Hunting (BGH) adversary, and their affiliates are responsible for breaching some of the country’s largest organizations, demanding millions of dollars in ransom payments, and causing substantial human impact on their victims. Their technical skill combined with the revolution of legitimate “shadow IT” utilities gives PUNK SPIDER an edge in both evading detection and navigating around preventions put in place once they are detected.

Incident responders throughout the industry have worked together to track, anticipate, and stop PUNK SPIDER threats, gaining unique insights into their organization. While Endpoint Detection and Response (EDR) tooling is constantly evolving to combat new threats, active threat hunting and incident response remain key elements of any organization’s cybersecurity protection. The balance between business impact and effective containment is a difficult one to learn, but thoughtful management of it is key to leading a successful incident.

In this talk, we will cover two PUNK SPIDER intrusions from the perspective of incident response consultants who have been engaged to triage the situation, identify what has already occurred, and prevent additional threat actor activity in the client’s environment.