Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia. In April 2023, following an initial focus on Windows systems, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines.
As of January 1, 2024, the ransomware group has impacted over 250 organizations and claimed approximately $42 million USD in ransomware proceeds. Early versions of the Akira ransomware variant were written in C++ and encrypted files with a .akira extension; however, beginning in August 2023, some Akira attacks began deploying Megazord, using Rust-based code which encrypts files with a .powerranges extension.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Cyber-security firm Verint hit by ransomware
April 17, 2019
The Israel offices of US cyber-security firm Verint have been hit by ransomware, according to a screenshot taken by a Verint employee that started circulating online earlier today. “There is currently a critical issue affecting the on premise Email and Green zone VDI services,” read a warning message that was displayed earlier today ...
- Ransomware Behind Norsk Hydro Attack Takes On Wiper-Like Capabilities
March 27, 2019
Researchers are still looking for answers when it comes to LockerGoga’s initial infection method – and what the attackers behind the ransomware really want. LockerGoga, the malware that took down Norsk Hydro last week, has taken the industrial world by storm, as researchers race to uncover more about the mysterious ransomware that crippled several of the ...
- Threat Landscape for Industrial Automation Systems in H2 2018
March 27, 2019
All statistical data used in this report was collected using the Kaspersky Security Network (KSN), a distributed antivirus network. The data was received from those KSN users who gave their consent to have data anonymously transferred from their computers. We do not identify the specific companies/organizations sending statistics to KSN, due to the product limitations and regulatory ...
- UK: Police Federation Confirms Ransomware Breach
March 22, 2019
The Police Federation of England and Wales (PFEW) has confirmed that it has suffered a ransomware attack, but has said that it was not specifically targetted and was likely to have been impacted as part of a wider campaign. The ransomware attack has apparently only impacted computers at its headquarters in Surrey, and the PFEW said ...
- Aluminium Maker Hydro Goes Old School After Ransomware Attack
March 20, 2019
A large Norwegian manufacturing firm has had to close its website and IT operations and go old school by resorting to manual processes for its factories. It comes after a devastating ransomware attack crippled Norsk Hydro, one of the world’s largest producers of aluminium. As of Wednesday afternoon, its website was still offline, and the firm has ...
- Yatron Ransomware Plans to Spread Using EternalBlue NSA Exploits
March 12, 2019
A new Ransomware-as-a-Service called Yatron is being promoted on Twitter that plans on using the EternalBlue and DoublePulsar exploits to spread to other computer on a network. This ransomware will also attempt to delete encrypted files if a payment has not been made in 72 hours. BleepingComputer was first notified about the Yatron RaaS by a security ...