Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia. In April 2023, following an initial focus on Windows systems, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines.
As of January 1, 2024, the ransomware group has impacted over 250 organizations and claimed approximately $42 million USD in ransomware proceeds. Early versions of the Akira ransomware variant were written in C++ and encrypted files with a .akira extension; however, beginning in August 2023, some Akira attacks began deploying Megazord, using Rust-based code which encrypts files with a .powerranges extension.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Next-Gen Ransomware Packs a ‘Human’ Punch, Microsoft Warns
March 6, 2020
Researchers are warning that “human operated” ransomware campaigns are growing more sophisticated, adopting new infection tactics and lateral movement techniques that traditional defense teams aren’t equipped to handle. Researchers said that “auto-spreading” ransomware – like WannaCry and NotPetya – are making headlines due to the crippling downtimes that these attacks cause. However, “human operated” ransomware – like REvil, Bitpaymer, and Ryuk – ...
- Ryuk ransomware hits Fortune 500 company EMCOR
March 5, 2020
EMCOR Group (NYSE: EME), a US-based Fortune 500 company specialized in engineering and industrial construction services, disclosed last month a ransomware incident that took down some of its IT systems. The incident took place on February 15 and was identified as an infection with the Ryuk ransomware strain. Details of the attack and the aftermath are not public, ...
- DoppelPaymer Ransomware Used to Steal Data from Supplier to SpaceX, Tesla
March 3, 2020
A company that provides custom parts to aerospace giants Lockheed Martin, SpaceX and Boeing, has been the target of an attack by an emerging type of ransomware that can both encrypt files and exfiltrate data. Colorado-based Visser Precision said it was targeted by a “cyber incident” that involved the attacker accessing and stealing company data after a security ...
- What to know about cyberattacks targeting energy pipelines
March 1, 2020
The Department of Homeland Security (DHS) this past month disclosed a disruptive cyberattack on a U.S. energy facility, raising new concerns about protections for energy providers. The Cybersecurity and Infrastructure Security Agency (CISA), a division of DHS, said a ransomware attack hit a “natural gas compression facility,” leading to a two-day shutdown for the entire pipeline. While the agency ...
- RSAC 2020: Ransomware a ‘National Crisis,’ CISA Says, Ramps ICS Focus
February 28, 2020
Industrial control systems (ICS) and critical infrastructure will be a main focus for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) this year – especially as ransomware looms as a main threat to the sector going forward. That’s according to Christopher Krebs, director of CISA, speaking at RSA Conference 2020 this week. “My agency ...
- Ransomware Hits U.S. Electric Utility
February 27, 2020
The Reading Municipal Light Department (RMLD) was infected with ransomware, as revealed in a statement by the electric utility. RMLD did not disclose the details on how their system was infected or the demands of the group behind the malware. There was also no indication of plans to pay ransom to the threat actors. RMLD is an electric utility in ...