Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia. In April 2023, following an initial focus on Windows systems, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines.
As of January 1, 2024, the ransomware group has impacted over 250 organizations and claimed approximately $42 million USD in ransomware proceeds. Early versions of the Akira ransomware variant were written in C++ and encrypted files with a .akira extension; however, beginning in August 2023, some Akira attacks began deploying Megazord, using Rust-based code which encrypts files with a .powerranges extension.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Ransomware attack hits Italy’s Lazio region, affects COVID-19 site
August 4, 2021
The Lazio region in Italy has suffered a reported ransomware attack that has disabled the region’s IT systems, including the COVID-19 vaccination registration portal. Early Sunday morning, the Lazio region suffered a ransomware attack that encrypted every file in its data center and disrupted its IT network. “The attack blocked almost every file in the data center. ...
- Haron and BlackMatter are the latest groups to crash the ransomware party
July 28, 2021
July has so far ushered in at least two new ransomware groups. Or maybe they’re old ones undergoing a rebranding. Researchers are in the process of running down several different theories. Both groups say they are aiming for big-game targets, meaning corporations or other large businesses with the pockets to pay ransoms in the millions of ...
- Unhacked: 121 Tools Against Ransomware On A Single Website
July 26, 2021
In its five years of existence, No More Ransom has helped prevent almost a billion euros from ending up in criminals’ pockets Working from home, the beach or a café is a reality for many people today. Everything we need is stored in our digital devices, such as personal computers, laptops and mobile phones, which contain ...
- Babuk Ransomware Gang Ransomed, New Forum Stuffed With Porn
July 26, 2021
The Babuk ransomware gang’s new rebrand isn’t going so well. It seems the cybercriminal group has been a victim of a ransomware attack of its own. Babuk’s latest endeavor, a Dark Web ransomware forum called RAMP, was crippled by a spammer over the weekend who overloaded the site with same-sex pornographic GIFs, according to Recorded Future. The ...
- Kaseya obtains universal decryptor for REvil ransomware victims
July 22, 2021
Kaseya received a universal decryptor that allows victims of the July 2nd REvil ransomware attack to recover their files for free. On July 2nd, the REvil ransomware operation launched a massive attack by exploiting a zero-day vulnerability in the Kaseya VSA remote management application to encrypt approximately sixty managed service providers and an estimated 1,500 businesses. Read ...
- Ecuador’s state-run CNT telco hit by RansomEXX ransomware
July 17, 2021
Ecuador’s state-run Corporación Nacional de Telecomunicación (CNT) has suffered a ransomware attack that has disrupted business operations, the payment portal, and customer support. CNT is Ecuador’s state-run telecommunication carrier that offers fixed-line phone service, mobile, satellite TV, and internet connectivity. Read more… Source: Bleeping Computer