Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia. In April 2023, following an initial focus on Windows systems, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines.
As of January 1, 2024, the ransomware group has impacted over 250 organizations and claimed approximately $42 million USD in ransomware proceeds. Early versions of the Akira ransomware variant were written in C++ and encrypted files with a .akira extension; however, beginning in August 2023, some Akira attacks began deploying Megazord, using Rust-based code which encrypts files with a .powerranges extension.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- #StopRansomware: Rhysida Ransomware
November 15, 2023
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the MultiState Information Sharing and Analysis Center (MS-ISAC) are releasing this joint CSA to disseminate known Rhysida ransomware IOCs and TTPs identified through investigations as recently as September 2023. Rhysida – an emerging ransomware variant – has predominately been deployed against the education, ...
- Gang says ICBC paid ransom over hack that disrupted US Treasury market
November 14, 2023
China’s biggest lender, the Industrial and Commercial Bank of China, paid a ransom after it was hacked last week, a Lockbit ransomware gang representative said on Monday in a statement which Reuters was unable to independently verify. ICBC, whose U.S. arm was hit by a ransomware attack that disrupted trades in the U.S. Treasury market on ...
- #StopRansomware: Royal Ransomware Update
November 13, 2023
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known Royal ransomware IOCs and TTPs identified through FBI threat response activities as recently as June 2023. Since approximately September 2022, cyber threat actors have compromised U.S. and international organizations with Royal ransomware. FBI and ...
- Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518
November 10, 2023
On October 31, 2023, Atlassian published an advisory on CVE-2023-22518, an Improper authorization vulnerability involving the Confluence Data Center and Server. Initially reported to cause data loss, it was eventually revealed that exploiting this vulnerability allows unauthorized users to reset and create a Confluence instance administrator account, allowing them to perform all admin privileges available to ...
- U.S. arm of China mega-lender ICBC hit by ransomware attack
November 10, 2023
The U.S. arm of China’s largest bank said Thursday that it was hit by a ransomware attack, forcing clients to reroute trades and disrupting the U.S. Treasury market. Ransomware attacks typically access vulnerable computer systems and encrypt or steal data, before sending a ransom note demanding payment in exchange for decrypting the data or not releasing ...
- CVE-2023-47246: SysAid Zero-Day Vulnerability Exploited By Lace Tempest
November 9, 2023
On November 8, 2023, IT service management company SysAid disclosed CVE-2023-47426, a zero-day path traversal vulnerability affecting on-premise SysAid servers. According to Microsoft’s threat intelligence team, it has been exploited in the wild by DEV-0950 (Lace Tempest) in “limited attacks.” In a social media thread published the evening of November 8, Microsoft emphasized that Lace Tempest ...