Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia. In April 2023, following an initial focus on Windows systems, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines.
As of January 1, 2024, the ransomware group has impacted over 250 organizations and claimed approximately $42 million USD in ransomware proceeds. Early versions of the Akira ransomware variant were written in C++ and encrypted files with a .akira extension; however, beginning in August 2023, some Akira attacks began deploying Megazord, using Rust-based code which encrypts files with a .powerranges extension.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- SonicWall releases urgent notice about ‘imminent’ ransomware targeting firmware
July 14, 2021
Networking device maker SonicWall sent out an urgent notice to its customers about “an imminent ransomware campaign using stolen credentials” that is targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life 8.x firmware. In addition to the notice posted to its website, SonicWall sent an email to anyone ...
- INTERPOL – Immediate action required to avoid Ransomware pandemic
July 12, 2021
LYON, France – INTERPOL Secretary General Jürgen Stock has called for police agencies worldwide to form a global coalition with industry partners to prevent a potential ransomware pandemic. Speaking at the INTERPOL High-Level Forum on Ransomware (12 July), Secretary General Stock said that while some solutions existed nationally or bi-laterally, effectively preventing and disrupting ransomware meant ...
- Kaseya claims SaaS restoration going swimmingly
July 12, 2021
Beleaguered IT management firm Kaseya says sixty per cent of its SaaS services have been successfully restored. An update to the firm’s advisory regarding the attack on its VSA product, time-stamped 10:00PM Eastern Daylight Time (EDT) on July 11th, states: “The restoration of services is progressing according to plan, with 60% of our SaaS customers live ...
- Insurance giant CNA reports data breach after ransomware attack
July 9, 2021
CNA Financial Corporation, a leading US-based insurance company, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March. CNA is considered the seventh-largest commercial insurance firm in the US based on stats from the Insurance Information Institute. Read more… Source: Bleeping Computer
- Biden tells Putin the U.S. will take ‘any necessary action’ after latest ransomware attack
July 9, 2021
President Biden told Russian President Vladimir Putin on Friday that the United States will take “any necessary action” to defend U.S. infrastructure, the White House said, after Russia-based hackers carried out the largest known ransomware attack to date. Biden has been under increasing pressure to counter such costly, brazen assaults — pressure that spiked last weekend ...
- Understanding REvil: The Ransomware Gang Behind the Kaseya Attack
July 6, 2021
REvil has emerged as one of the world’s most notorious ransomware operators. In just the past month, it extracted an $11 million payment from the U.S. subsidiary of the world’s largest meatpacking company based in Brazil, demanded $5 million from a Brazilian medical diagnostics company and launched a large-scale attack on dozens, perhaps hundreds, of ...