Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia. In April 2023, following an initial focus on Windows systems, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines.
As of January 1, 2024, the ransomware group has impacted over 250 organizations and claimed approximately $42 million USD in ransomware proceeds. Early versions of the Akira ransomware variant were written in C++ and encrypted files with a .akira extension; however, beginning in August 2023, some Akira attacks began deploying Megazord, using Rust-based code which encrypts files with a .powerranges extension.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Ransomware has proliferated because it’s ‘largely uncontested’, says GCHQ boss
October 26, 2021
If you’ve wondered why ransomware has proliferated in recent years, it’s because until recently it has remained unchallenged, according to Sir Jeremy Fleming, director of British signals intelligence agency GCHQ. “We’ve seen twice as many attacks this year as last year in the UK – but the reason it is proliferating is because it works,” ...
- Ransomware: Industrial services top the hit list – but cyber criminals are diversifying
October 25, 2021
Businesses in industrial goods and services are still the most popular target for ransomware attacks, but cyber criminals are increasingly diversifying which organisations they’re extorting. Ransomware has become a major cybersecurity issue, as cyber criminals infiltrate networks and encrypt servers and files before demanding a ransom payment – often amounting to millions of dollars in cryptocurrencies ...
- Evil Corp demands $40 million in new Macaw ransomware attacks
October 21, 2021
Evil Corp has launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments. The Evil Corp hacking group, also known Indrik Spider and the Dridex gang, has been involved in cybercrime activities since 2007, but mostly as affiliates to other organizations. Over time, the group began focusing on their ...
- Why is Cybersecurity Failing Against Ransomware?
October 21, 2021
Hardly a week goes by without another major company falling victim to a ransomware attack. Nate Warfield, CTO at Prevailion, discusses the immense challenges in changing that status quo. Yes, security is hard – no one is ever 100 percent safe from the threats lurking out there. But how is it that time and time again, ...
- Joint CISA, FBI and NSA Cybersecurity Advisory – BlackMatter Ransomware
October 18, 2021
This joint Cybersecurity Advisory was developed by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) to provide information on BlackMatter ransomware. Since July 2021, BlackMatter ransomware has targeted multiple U.S. critical infrastructure entities, including two U.S. Food and Agriculture Sector organizations. This advisory provides information ...
- Sinclair Confirms Ransomware Attack That Disrupted TV Stations
October 18, 2021
Sinclair Broadcast Group, which owns hundreds of local television stations across the U.S., confirmed Monday that it has suffered a ransomware attack. The incident is disrupting its advertising operations, among other things, and spread to many of its owned TV affiliates over the weekend, knocking local broadcast feeds off the air. The cyberattack disrupted the company’s ...