Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia. In April 2023, following an initial focus on Windows systems, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines.
As of January 1, 2024, the ransomware group has impacted over 250 organizations and claimed approximately $42 million USD in ransomware proceeds. Early versions of the Akira ransomware variant were written in C++ and encrypted files with a .akira extension; however, beginning in August 2023, some Akira attacks began deploying Megazord, using Rust-based code which encrypts files with a .powerranges extension.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- REvil ransomware’s new Linux encryptor targets ESXi virtual machines
June 28, 2021
The REvil ransomware operation is now using a Linux encryptor that targets and encrypts Vmware ESXi virtual machines. With the enterprise moving to virtual machines for easier backups, device management, and efficient use of resources, ransomware gangs increasingly create their own tools to mass encrypt storage used by VMs. In May, Advanced Intel’s Yelisey Boguslavskiy shared a ...
- Nefilim Ransomware Attack Through a MITRE Att&ck Lens
June 28, 2021
Nefilim is among a new breed of ransomware families that use advanced techniques for a more targeted and virulent attack. It is operated by a group that we track under the intrusion set “Water Roc”. This group combines advanced techniques with legitimate tools to make them significantly harder to detect and respond before it is ...
- The human cost of ransomware: Disruption to Irish health service will continue for months
June 24, 2021
Ireland’s health service faces months of disruption as it continues to recover from a ransomware attack, the head of the Health Service Executive (HSE) has warned. HSE, which is responsible for healthcare and social services across Ireland, fell victim to what was described as a “significant” ransomware attack on 14 May. The attack has been attributed to ...
- REvil Ransomware Code Ripped Off by Rivals
June 23, 2021
They say imitation is the sincerest form of flattery: The LV ransomware, a strain that cropped up just this spring, turns out to be based on what is most likely pirated REvil ransomware code, according to researchers. A malware analysis of LV from Secureworks Counter Threat Unit (CTU) found that its operators (which it calls Gold ...
- Tulsa warns of data breach after Conti ransomware leaks police citations
June 23, 2021
The City of Tulsa, Oklahoma, is warning residents that their personal data may have been exposed after a ransomware gang published police citations online. In early May, Tulsa suffered a ransomware attack that led to the City shutting down its network to prevent the spread of the malware. The attack disrupted Tulsa’s online bill payment systems, utility ...
- Conti Ransomware Gang: An Overview
June 18, 2021
Conti ransomware stands out as one of the most ruthless of the dozens of ransomware gangs that we follow. The group has spent more than a year attacking organizations where IT outages can have life-threatening consequences: hospitals, 911 dispatch carriers, emergency medical services and law enforcement agencies. Ireland has yet to recover from an attack ...