Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia. In April 2023, following an initial focus on Windows systems, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines.
As of January 1, 2024, the ransomware group has impacted over 250 organizations and claimed approximately $42 million USD in ransomware proceeds. Early versions of the Akira ransomware variant were written in C++ and encrypted files with a .akira extension; however, beginning in August 2023, some Akira attacks began deploying Megazord, using Rust-based code which encrypts files with a .powerranges extension.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- How the ransomware attack at Change Healthcare went down – a timeline
December 18, 2024
A ransomware attack earlier this year on UnitedHealth-owned health tech company Change Healthcare likely stands as one of the largest data breaches of U.S. health and medical data in history. Months after the February data breach, a “substantial proportion of people living in America” are receiving notice by mail that their personal and health information was ...
- Dragos Industrial Ransomware Analysis Q3 2024
December 17, 2024
The third quarter (July – September) of 2024 brought transformative shifts to the ransomware landscape, emphasizing its dynamic and continuously evolving nature. The ransomware threat ecosystem remained highly active in the third quarter, fueled by new groups, rebranding of existing entities, expansion of initial access broker operations, and proliferation of illicitly traded tools. Ransomware operators increasingly ...
- 2024 Threat Landscape Statistics: Ransomware Activity, Vulnerability Exploits, and Attack Trends
December 16, 2024
In this blog, the global experts across our Rapid7 Labs and Managed Services teams share real-time vulnerability insights and threat intelligence so that our customers can anticipate and prevent breaches, pinpoint critical threats, and confidently take command of their attack surface. The Rapid7 Labs team has rounded up statistics and trends that caught their eye throughout ...
- NotLockBit ransomware targets Apple users with advanced file-locking and data exfiltration
December 15, 2024
The recent discovery of macOS.NotLockBit suggests a shift in the landscape, as this newly identified malware, named after the notorious LockBit variant, could mark the beginning of more serious ransomware campaigns against Mac users. Ransomware targeting Mac devices tends to lack the necessary tools to truly lock files or exfiltrate data. The general perception has been ...
- Romanian energy supplier struck by ransomware attack
December 10, 2024
Romanian energy supplier Electrica Group has confirmed suffering a cyberattack in the latest incident to hit major institutions in the country. In a press announcement, the company said it was investigating an “ongoing cyberattack” together with the local law enforcement. The company did not detail the attack, its nature, goal, or the identity of the threat ...
- “Termite” ransomware group claims responsibility for the Blue Yonder attack
December 9, 2024
On Friday, the “Termite” ransomware group claimed responsibility for the attack on its dark web leak site. In a post seen by TechCrunch, the gang claims to have stolen 680 gigabytes of data from Blue Yonder, including documents, reports, insurance documents and email lists, which Termite says it intends to use “for future attacks.” In a ...