Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia. In April 2023, following an initial focus on Windows systems, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines.
As of January 1, 2024, the ransomware group has impacted over 250 organizations and claimed approximately $42 million USD in ransomware proceeds. Early versions of the Akira ransomware variant were written in C++ and encrypted files with a .akira extension; however, beginning in August 2023, some Akira attacks began deploying Megazord, using Rust-based code which encrypts files with a .powerranges extension.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- 2025 Ransomware: Business as Usual, Business is Booming
April 8, 2025
Getting an edge on your adversaries involves understanding their behaviors and their mindset. Rapid7 Labs took a look at internal and publicly-available ransomware data for Q1 2025 and added our own insights to provide a picture of the year thus far—and what you can do now to reduce your attack surface against ransomware. The data highlights ...
- NSA warns “fast flux” threatens national security. What is fast flux anyway?
April 4, 2025
A technique that hostile nation-states and financially motivated ransomware groups are using to hide their operations poses a threat to critical infrastructure and national security, the National Security Agency has warned. The technique is known as fast flux. It allows decentralized networks operated by threat actors to hide their infrastructure and survive takedown attempts that would ...
- A Rebirth of a Cursed Existence? Examining ‘Babuk Locker 2.0’ Ransomware
April 2, 2025
Ransomware remains a major threat, causing significant disruption and financial losses to organizations across various sectors. Cybercriminal groups behind these attacks constantly adapt their methods to maximize damage and profit. In early 2025, Rapid7 researchers came across a channel promoting itself as Babuk Locker. Since the original group had shut down in 2021, they decided to ...
- Cyberattacks climbing across Caribbean
March 28, 2025
Ransomware gangs FOG and Akira continue to be the main culprits behind a number of recent cyberattacks plaguing businesses locally and across the Caribbean, a cyber-security expert has indicated. According to Rory Ebanks, director of cybersecurity at Symptai Consulting Limited, the two ransomware gangs, which both emerged in the last three years, primarily exploit vulnerabilities in ...
- Fake BianLian Ransomware Letters in Circulation
March 19, 2025
On March 5, the FBI issued an alert regarding a mail scam targeting U.S. business executives with extortion. The letters claim to be from noted ransomware group BianLian, demanding a payment in Bitcoin ranging from $250,000 to $500,000 within ten days of receipt. The FBI alert reads as follows: “Stamped “Time Sensitive Read Immediately”, the letter ...
- Hackers are exploiting Fortinet firewall bugs to plant ransomware
March 17, 2025
Security researchers have observed hackers linked to the notorious LockBit gang exploiting a pair of Fortinet firewall vulnerabilities to deploy ransomware on several company networks. In a report published last week, security researchers at Forescout Research said a group it’s tracking dubbed “Mora_001” is exploiting the Fortinet firewalls, which sit on the edge of a company’s ...