Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia. In April 2023, following an initial focus on Windows systems, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines.
As of January 1, 2024, the ransomware group has impacted over 250 organizations and claimed approximately $42 million USD in ransomware proceeds. Early versions of the Akira ransomware variant were written in C++ and encrypted files with a .akira extension; however, beginning in August 2023, some Akira attacks began deploying Megazord, using Rust-based code which encrypts files with a .powerranges extension.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Scottish law firm Scullion Law suffers cyber attack
March 31, 2024
Scullion Law, which has offices on George Street Edinburgh, as well as in Glasgow, Hamilton and Madrid, had 155GB of data stolen in the attack by Black Basta. A spokesperson for the award-winning firm said: “We can confirm that we were recently the victim of a cyberattack. “We promptly notified the ICO and The Law Society ...
- The impact of compromised backups on ransomware outcomes
March 29, 2024
There are two main ways to recover encrypted data in a ransomware attack: restoring from backups and paying the ransom. Compromising an organization’s backups enables adversaries to restrict their victim’s ability to recover encrypted data and dial-up the pressure to pay the ransom. This analysis explores the impact of backup compromise on the business and operational ...
- Hackers threaten to release ‘huge volume’ of stolen NHS Scotland data
March 27, 2024
A cybercrime group has claimed it will release a large volume of NHS Scotland data stolen during a sustained hacking attack. INC Ransom, an extortion operation, has posted a message on its dark web blog, threatening to release three terabytes – which equates to 3,000 gigabytes – of stolen health service patient and staff data. NHS ...
- Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script
March 26, 2024
Since its discovery in 2022, the Agenda Ransomware group (also known as Qilin) has been active and in development. Agenda, which Trend Micro tracks as Water Galura, continues infecting victims globally with the US, Argentina, and Australia, and Thailand being among its top targets (based on the threat actor’s leak site data). Meanwhile the Agenda ransomware ...
- China’s MSS publicizes typical case to remind public of overseas cyber ransom attacks
March 21, 2024
China’s national security authorities publicized on Thursday a typical case of cyber ransom attacks to help raise public awareness over online blackmail and attacks from overseas, which not only affects social stability and economic development but also threatens China’s national security and interests. A Chinese high-tech company recently filed a report through the hotline 12339 about ...
- Mandatory cyber requirements after Change Healthcare attack opposed by health sector
March 18, 2024
The American Hospital Association has opposed mandatory cybersecurity requirements proposed for the healthcare sector following the ransomware attack against Change Healthcare, which has resulted in widespread prescription processing outages across the U.S. “Imposing fines or cutting Medicare payments would diminish hospital resources needed to combat cybercrime and would be counterproductive to our shared goal of preventing ...