Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia. In April 2023, following an initial focus on Windows systems, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines.
As of January 1, 2024, the ransomware group has impacted over 250 organizations and claimed approximately $42 million USD in ransomware proceeds. Early versions of the Akira ransomware variant were written in C++ and encrypted files with a .akira extension; however, beginning in August 2023, some Akira attacks began deploying Megazord, using Rust-based code which encrypts files with a .powerranges extension.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Ransomware hits Louisiana state government systems
November 19, 2019
A ransomware infection today took down IT systems and websites managed by the Louisiana state government, Governor John Bel Edwards revealed in a series of tweets. “Today, we activated the state’s cybersecurity team in response to an attempted ransomware attack that is affecting some state servers. The Office of Technology Services identified a cybersecurity threat that ...
- 400 Vet Locations Nipped by Ryuk Ransomware
November 19, 2019
National Veterinary Associates (NVA) has been hit with the Ryuk ransomware, in an attack that affects 400 clinics across the country. The California company said that it could take a week for its facilities to be fully back up and running normally. Patient records, payment systems and practice management software were all locked up in the ...
- Is agriculture at risk from cyber crime?
November 18, 2019
Most media coverage about cyber-crime shares horrendous examples of how individuals or families’ lives have been ruined by ruthless scams. This is no different in the agriculture sector. Cyber crime has become a major industry – and the cyber security industry has grown rapidly to tackle the scale of the problem. The Office of National Statistics estimates ...
- Buran Ransomware; the Evolution of VegaLocker
November 5, 2019
McAfee’s Advanced Threat Research Team observed how a new ransomware family named ‘Buran’ appeared in May 2019. Buran works as a RaaS model like other ransomware families such as REVil, GandCrab (now defunct), Phobos, etc. The author(s) take 25% of the income earned by affiliates, instead of the 30% – 40%, numbers from notorious malware families ...
- Canadian Nunavut government systems crippled by ransomware
November 5, 2019
Canadian government IT systems have been forced into lockdown after a successful ransomware attack. On Monday, government officials for the Nunavut region said that over the weekend, a “new and sophisticated type of ransomware” struck the territory. All government services — with the exception of an energy corporation — that rely on access to electronic information stored ...
- Wizard Spider Upgrades Ryuk Ransomware to Reach Deep into LANs
November 4, 2019
The Ryuk ransomware has added two features to enhance its effectiveness: The ability to target systems that are in “standby” or sleep mode; and the use of Address Resolution Protocol (ARP) pinging to find drives on a company’s LAN. Both are employed after the initial network compromise of a victim organization. Ryuk, which is distributed by ...