Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia. In April 2023, following an initial focus on Windows systems, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines.
As of January 1, 2024, the ransomware group has impacted over 250 organizations and claimed approximately $42 million USD in ransomware proceeds. Early versions of the Akira ransomware variant were written in C++ and encrypted files with a .akira extension; however, beginning in August 2023, some Akira attacks began deploying Megazord, using Rust-based code which encrypts files with a .powerranges extension.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- An overview of the new Rhysida ransomware targeting the Healthcare sector
August 9, 2023
On August 4, 2023, the HHS’ Health Sector Cybersecurity Coordination Center (HC3) released a security alert about a relatively new ransomware called Rhysida (detected as Ransom.PS1.RHYSIDA.SM), which has been active since May 2023. In this blog entry, Trend Micro reaseachers will provide details on Rhysida, including its targets and what they know about its infection ...
- Attackers Distribute Malware via Freeze.rs And SYK Crypter
August 9, 2023
FortiGuard Labs recently detected a new injector written in Rust—one of the fastest-growing programming languages—to inject shellcode and introduce XWorm into a victim’s environment. While Rust is relatively uncommon in malware development, several campaigns have adopted this language since 2019, including Buer loader, Hive, and RansomExx. FortiGuard Labs analysis also revealed a significant increase in injector ...
- Paracetamol maker Granules India’ Q1 profit hurt by cyber attack disruptions
August 9, 2023
Granules India Ltd the maker of paracetamol and ibuprofen pain relievers, reported a 62.5% fall in first-quarter profit on Wednesday, as a cyber security incident significantly disrupted operations. The generic drug maker’s consolidated net profit tumbled to 478.9 million rupees ($5.8 million) in the April-June quarter, from 1.27 billion rupees a year earlier. Granules faced a ...
- Clustering attacker behavior reveals hidden patterns
August 8, 2023
A collection of very specific behaviors, observed by Sophos X-Ops incident response analysts in the lead-up to four separate ransomware attacks in the first quarter of 2023, indicates an unexpected connection between the attacks. In the parlance of the Managed Detection and Response (MDR) team, the peculiarly similar details constitute a threat activity cluster that ...
- Code leaks are causing an influx of new ransomware actors
August 7, 2023
Ransomware gangs are consistently rebranding or merging with other groups, as highlighted in our 2022 Year in Review, or these actors work for multiple ransomware-as-a-service (RaaS) outfits at a time, and new groups are always emerging. This trend is already continuing this year. Since 2021, there have been multiple leaks of ransomware source code and builders ...
- Cyberattacks targeting utility firms at ‘alarmingly high levels’
August 2, 2023
Utility firms such as electricity providers have become the new frontier for cyberattacks, reaching “alarmingly high levels” last year, the International Energy Agency (IEA) has warned. Russia’s invasion of Ukraine gave fresh impetus to cyber criminals to attack electricity grids and demand ransoms from energy companies scarcely able to defend themselves due to a cybersecurity ...