Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia. In April 2023, following an initial focus on Windows systems, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines.
As of January 1, 2024, the ransomware group has impacted over 250 organizations and claimed approximately $42 million USD in ransomware proceeds. Early versions of the Akira ransomware variant were written in C++ and encrypted files with a .akira extension; however, beginning in August 2023, some Akira attacks began deploying Megazord, using Rust-based code which encrypts files with a .powerranges extension.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- New GwisinLocker ransomware encrypts Windows and Linux ESXi servers
August 6, 2022
A new ransomware family called ‘GwisinLocker’ targets South Korean healthcare, industrial, and pharmaceutical companies with Windows and Linux encryptors, including support for encrypting VMware ESXi servers and virtual machines. The new malware is the product of a lesser-known threat actor dubbed Gwisin, which means “ghost” in Korean. The actor is of unknown origin but appears to ...
- SolidBit Ransomware Enters the RaaS Scene and Takes Aim at Gamers and Social Media Users With New Variant
August 2, 2022
Trend Micro researchers recently analyzed a sample of a new SolidBit ransomware variant that targets users of popular video games and social media platforms. The malware was uploaded to GitHub, where it is disguised as different applications, including a League of Legends account checker tool (Figure 1) and an Instagram follower bot, to lure in ...
- MBDA is refuting the alleged ‘hacking’ of the company’s information systems
August 1, 2022
MBDA is refuting the alleged ‘hacking’ of the company’s information systems, and has filed a report with police of an attempt to blackmail the company. MBDA is the subject of a blackmail attempt by a criminal group that falsely claims to have hacked the company’s information networks. Following the company’s refusal to yield to this blackmail ...
- LockBit ransomware gang claims it ransacked Italy’s tax agency
July 26, 2022
The LockBit ransomware crew is claiming to have stolen 78GB of data from Italy’s tax agency and is threatening to leak it if a ransom isn’t paid by July 31. The notorious gang put a notice on its dark-web site adding the agency – the Agenzia delle Entrate – to its growing list of victims. According ...
- How Conti ransomware hacked and encrypted the Costa Rican government
July 21, 2022
Details have emerged on how the Conti ransomware gang breached the Costa Rican government, showing the attack’s precision and the speed of moving from initial access to the final stage of encrypting devices. This is the last attack from the Conti ransomware operation before the group transitioned to a different form of organization that relies on ...
- New ‘Lightning Framework’ Linux malware installs rootkits, backdoors
July 21, 2022
A new and previously undetected malware dubbed ‘Lightning Framework’ targets Linux systems and can be used to backdoor infected devices using SSH and deploy multiple types of rootkits. Described as a “Swiss Army Knife” in a report published today by Intezer, Lightning Framework is a modular malware that also comes with support for plugins. Read more… Source: Bleeping ...