Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia. In April 2023, following an initial focus on Windows systems, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines.
As of January 1, 2024, the ransomware group has impacted over 250 organizations and claimed approximately $42 million USD in ransomware proceeds. Early versions of the Akira ransomware variant were written in C++ and encrypted files with a .akira extension; however, beginning in August 2023, some Akira attacks began deploying Megazord, using Rust-based code which encrypts files with a .powerranges extension.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- A deep dive into the operations of the LockBit ransomware group
June 18, 2021
Researchers have provided an in-depth look at how LockBit, one of the newer ransomware groups on the scene, operates. Ransomware has become one of the most disruptive forms of cyberattack this year. It was back in 2017 with the global WannaCry outbreak that we first saw the severe disruption the malware could cause, and in 2021, ...
- Carnival Cruise Cyber-Torpedoed by Cyberattack
June 18, 2021
Carnival Corp., the world’s largest cruise-ship operator, has sprung another leak: For the second time in a year, attackers have breached email accounts and accessed personal, financial and health information belonging to guests, employees and crew. Carnival has quite the armada: Its cruise brands include Carnival Cruise Line, Princess Cruises, Holland America Line, Seabourn, P&O Cruises ...
- Ransomware Poll: 80% of Victims Don’t Pay Up
June 16, 2021
Ransomware is on the rise, but what toll does it take on the real world? Threatpost set out to answer that question in an exclusive poll aimed at taking the pulse of organizations wrestling with attacks, including looking at mitigations and the defenses organizations have in place. When viewed against the backdrop of complementary reports from ...
- Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
June 16, 2021
Mandiant observed DARKSIDE affiliate UNC2465 accessing at least one victim through a Trojanized software installer downloaded from a legitimate website. While this victim organization detected the intrusion, engaged Mandiant for incident response, and avoided ransomware, others may be at risk. As reported in the Mandiant post, “Shining a Light on DARKSIDE Ransomware Operations,” Mandiant Consulting has ...
- Paradise Ransomware source code released on a hacking forum
June 15, 2021
The complete source code for the Paradise Ransomware has been released on a hacking forum allowing any would-be cyber criminal to develop their own customized ransomware operation. Released on the hacking forum XSS, the link to the source code is only accessible to active users on the site who have previously replied to or reacted to ...
- Andariel evolves to target South Korea with ransomware
June 15, 2021
In April 2021, we observed a suspicious Word document with a Korean file name and decoy. It revealed a novel infection scheme and an unfamiliar payload. While we were doing our research into these findings, Malwarebytes published a nice report with technical details about the same series of attacks, which they attributed to the Lazarus ...