Akira Ransomware Extorts $42M, Hits 250+ Entities Globally: Agencies Warn
April 21, 2024
The Akira ransomware has compromised over 250 organizations globally and amassed over $42 million in ransoms since early 2023.
Government bodies including CISA, the FBI, Europol, and the Dutch National Cyber Security Centre are tracking Akira's activities.
Akira has targeted multiple industries and has specifically developed tools to breach VMware ESXi servers using a Linux encryptor.
The threat actors engage in double extortion, stealing data before encrypting it; encrypted files receive a .powerranges extension.
A Rust-based evolution of the malware's code has been identified, signifying technical advancement and complexity.
Akira's operators exploit vulnerabilities, notably in Cisco products, to infiltrate and escalate access in victim networks.
In a single attack, the operators deploy two different ransomware variants for different system architectures, along with tactics to disable security software.
The advisory from the agencies includes indicators of compromise and highlights a sophisticated hybrid encryption method used by the attackers.
Summary based on 1 source
Source

Security Affairs • Apr 21, 2024
Akira ransomware received $42M in ransom payments from over 250 victims