Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia. In April 2023, following an initial focus on Windows systems, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines.
As of January 1, 2024, the ransomware group has impacted over 250 organizations and claimed approximately $42 million USD in ransomware proceeds. Early versions of the Akira ransomware variant were written in C++ and encrypted files with a .akira extension; however, beginning in August 2023, some Akira attacks began deploying Megazord, using Rust-based code which encrypts files with a .powerranges extension.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Security pros are being hospitalized by after-effects of ransomware hacks
January 19, 2024
New research from the Royal United Services Institute (RUSI) has laid bare the mental and physical toll that cybersecurity workers face as a result of their work. In a number of interviews with individuals who had been at the forefront of ransomware attacks and their aftermath, RUSI found that individuals were suffering from stress related illnesses, ...
- Majorca: Calvià City Council hit by €10million ransom demand
January 17, 2024
Saturday witnessed a cyberattack on the Spanish city of Calvià in Majorca, with hackers now demanding 10 million euros to be paid to restore functionality to integral systems. The Calvià City Council website has been offering updates on the situation, saying the local authority is “working to recover normality as soon as possible, after having been ...
- Latest Cyber-Attacks in Serbia Raise Fresh Questions about Defence
January 16, 2024
Serbia’s inaction in the face of frequent cyber-attacks on public institutions and private companies is a growing concern, cyber security expert Ivan Markovic has told BIRN, after the online forum he co-founded reported that a server used by the Serbian army had been breached and state energy company Elektroprivreda Srbije, EPS, had been hit with ...
- Medusa Ransomware Turning Your Files into Stone
January 11, 2024
Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. Medusa threat actors use this site to disclose sensitive data from victims unwilling to comply with their ransom demands. As ...
- New York: Refuah Health to spend over $1M on cyber security following ransomware attack
January 8, 2024
A Hudson Valley health care provider will spend more than $1 million on cybersecurity after a ransomware attack leaked patients’ information. An investigation by the state attorney general found Refuah Healthdid not have proper precautions set up to prevent the attack. Read more… Source: Bronx News 12
- Freight giant Estes confirms data breach, but says it won’t pay ransom
January 5, 2024
The October 2023 cyberattack against Estes Express Lines was indeed ransomware, but the company has paid no ransom demand as yet. The company confirmed the news in an email recently sent to affected customers. As per the email, sent to roughly 21,000 people, threat actors accessed the company’s IT infrastructure on October 1, 2023, and managed ...