Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia. In April 2023, following an initial focus on Windows systems, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines.
As of January 1, 2024, the ransomware group has impacted over 250 organizations and claimed approximately $42 million USD in ransomware proceeds. Early versions of the Akira ransomware variant were written in C++ and encrypted files with a .akira extension; however, beginning in August 2023, some Akira attacks began deploying Megazord, using Rust-based code which encrypts files with a .powerranges extension.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Australian law firm HWL Ebsworth probing hacked data
June 9, 2023
A prominent Australian law firm is investigating claims hackers have published data taken from the company on the dark web. HWL Ebsworth, which has clients at either commercial or government level in every state or territory, on Friday said it had learned of the data release. Read more… Source: The New Daily
- Thousands of Aer Lingus staff data stolen in ransomware attack
June 7, 2023
A Russia-linked ransomware gang responsible for a global cyber attack that has led to 5,000 Aer Lingus staff having their data stolen may have acquired enough information for identity theft, a leading cybercrime expert has warned. US company Progress Software revealed last week hackers had found a way to compromise the MOVEit Transfer software which is ...
- Spanish Globalcaja bank confirms ransomware attack
June 5, 2023
A prominent Spanish bank has confirmed that it is dealing with a ransomware attack that has impacted multiple branches. On Friday, Globalcaja issued a statement assuring customers that the incident has not impacted its entities’ operations, and that electronic banking and ATM services are still functioning. Read more… Source: Computing News
- Microsoft says Clop ransomware gang is behind MOVEit mass-hacks, as first victims come forward
June 5, 2023
Security researchers have linked to the notorious Clop ransomware gang a new wave of mass-hacks targeting a popular file transfer tool, as the first victims of the attacks begin to come forward. It was revealed last week that hackers are exploiting a newly discovered vulnerability in MOVEit Transfer, a file-transfer tool widely used by enterprises to ...
- New York county still dealing with ransomware eight months after attack
May 29, 2023
The fallout from an eight-month-old cyber attack on a county in Long Island, New York has devolved into mud-slinging as leaders try to figure out just what is going on. Suffolk County was hit with a ransomware attack in early September 2022, which led county executive Steve Bellone to issue nine separate emergency declarations, Long ...
- Buhti: New Ransomware Operation Relies on Repurposed Payloads
May 25, 2023
A relatively new ransomware operation calling itself Buhti appears to be eschewing developing its own payload and is instead utilizing variants of the leaked LockBit and Babuk ransomware families to attack Windows and Linux systems. While the group doesn’t develop its own ransomware, it does utilize what appears to be one custom-developed tool, an information stealer ...