Major international security organizations have issued warnings about a newly formed ransomware group called Akira, which is believed to be only a year old. This group has reportedly carried out cyber attacks on over 250 organizations around the world, resulting in approximately $42 million being paid in ransoms.

The FBI has uncovered that Akira has been persistently attacking businesses and essential facilities in North America, Europe, and Australia since March 2023. At first, Akira primarily focused on Windows systems; however, the FBI later identified a Linux version of this threat.

Akira Ransomware Crisis

The FBI, CISA, Europol's EC3, and NCSC-NL have come together to issue a cybersecurity advisory (CSA) warning of the increasing danger of Akira. The aim is to inform the public and minimize potential harm from this threat in the future.

Starting in August 2023, the Akira ransomware changed its tactics. Its early versions were written in C++ and encrypted files with a .akira extension. More recent attacks have used Megazord, which is written in Rust and encrypts files with a .powerranges extension. The Akira operators have been known to use both Megazord and the original Akira, including the updated version Akira_v2, interchangeably.

More recently, Akira has been involved in cyberattacks against Nissan Oceania and Stanford University. Nissan Oceania announced a data leak impacting approximately 100,000 people in March, while Stanford University revealed a security incident affecting around 27,000 individuals last month – both of which are believed to be connected to Akira.

The threat actors employ a double extortion strategy, first encrypting systems and then taking data. The ransom note provides a unique code and an onion URL for communication. They do not leave a ransom demand or payment instructions on compromised networks; instead, they reveal that information only once the affected company contacts them.

The attackers request payment in Bitcoin to addresses they provide. They may also threaten to leak stolen information on the Tor network, and at times contact affected businesses, the FBI warned in its statement.

Ransomware Resurgence

Ransomware made a comeback in 2023, with payments surpassing $1 billion, marking an all-time high.

Centralized exchanges and mixers became the go-to places for laundering illegal funds, handling a large portion of transactions. However, new methods for money laundering such as bridges and instant exchanges have been growing in popularity over the past year.


2024-04-21 14:50