The Finish National Cybersecurity Center (NCSC-FI) is informing of increased Akira ransomware activity in December, targeting companies and wiping backups. Wiping the backups amplifies the damage of the ramsonware attack and allows the threat actor to put more pressure on the victim as they eliminate the option of restoring the data without paying a ransom.
Network-Attached Storage (NAS) devices often used for backups have been broken into and emptied, as well as automatic tape backup devices, and in almost all cases all backups were lost.
The NCSC-FI suggests that organizations switch to using offline backups instead, spreading the copies across various locations to protect them from unauthorized physical access.