Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia. In April 2023, following an initial focus on Windows systems, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines.
As of January 1, 2024, the ransomware group has impacted over 250 organizations and claimed approximately $42 million USD in ransomware proceeds. Early versions of the Akira ransomware variant were written in C++ and encrypted files with a .akira extension; however, beginning in August 2023, some Akira attacks began deploying Megazord, using Rust-based code which encrypts files with a .powerranges extension.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- RansomHub claims to net data hat-trick against Bologna FC
November 30, 2024
Italian professional football club Bologna FC is allegedly a recent victim of the RansomHub cybercrime gang, according to the group’s dark web postings. The ransomware crims responsible for attacks on organizations including Planned Parenthood and Christie’s – the same crew thought to have picked up LockBit’s top talent post-disruption – posted an extensive collection of data ...
- Medical testing company LifeLabs failed to protect customer data, report finds
November 27, 2024
In 2019, a ransomware attack hit LifeLabs, a Canadian medical testing company. The ransomware encrypted the lab results of 15 million Canadians, and personally identifiable information (PII) of 8.6 million people was stolen. After noticing the attack, LifeLabs informed its customers and the Canadian privacy regulators, which immediately announced an investigation. The privacy commissioners of both ...
- Ransomware attack on Blue Yonder disrupts Starbucks, Sainsbury’s, Morrisons
November 27, 2024
Starbucks has confirmed that a ransomware attack on software supplier Blue Yonder has disrupted its internal systems for managing employee schedules and tracking work hours. The incident has primarily affected Starbucks’ North American operations, including approximately 11,000 stores across the United States and Canada. Starbucks says the cyberattack has compromised its ability to track baristas’ hours ...
- Analysis of Elpaco: a Mimic variant
November 26, 2024
In a recent incident response case, Kaspersky dealt with a variant of the Mimic ransomware with some interesting customization features. The attackers were able to connect via RDP to the victim’s server after a successful brute force attack and then launch the ransomware. After that, the adversary was able to elevate their privileges by exploiting the ...
- 9 months after the largest healthcare breach in history, UnitedHealth subsidiary back online
November 22, 2024
Change Healthcare—a subsidiary of the global health company UnitedHealth Group — has restored its medical billing services nine months after suffering an unprecedented ransomware attack that left providers with serious cashflow problems, threatened access to care, and leaked sensitive information onto the dark web. Change Healthcare, one of the largest health payment processing companies in the ...
- Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware
November 20, 2024
Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius. Since the rebrand, Unit 42 has observed at least ...