Akira drains millions of dollars from 250 companies as ransomware crisis deepens

An emerging ransomware group called Akira has drawn the attention of well-known global organizations. Estimated to be only one year old, the group has breached more than 250 organizations around the world and collected nearly $42 million in ransom through its extensive network intrusion activity.

An FBI-led investigation shows that Akira has been actively targeting businesses and critical infrastructure in North America, Europe, and Australia since March 2023. Akira initially targeted only Windows systems; its threat scope widened when the FBI discovered a Linux version of the ransomware.

Akira Ransomware Crisis

In response to this growing threat, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), Europol’s European Cybercrime Centre (EC3), and the National Cybersecurity Centre of the Netherlands (NCSC-NL) have jointly issued a Cybersecurity Advisory (CSA) to increase awareness and mitigate the risks that Akira may pose in the future.

“Earlier versions of the Akira ransomware variant were written in C++ and encrypted files with the .akira extension; however, starting in August 2023, some Akira attacks began deploying Megazord, using Rust-based code to encrypt files with the .powerranges extension. Akira threat actors continue to use Megazord and Akira interchangeably, including Akira_v2, identified by third-party credible investigation.”

Akira recently launched ransomware attacks against Nissan Oceania and Stanford University. Nissan Oceania reported that the data of 100,000 people was compromised in March, while Stanford University disclosed a security incident affecting 27,000 people last month, both of which were linked to Akira.

These threat actors are known for using double extortion tactics, where they encrypt systems after stealing data.

The ransom note gives each affected company a unique code and a .onion URL for contacting the group. The actors do not leave a ransom demand or payment details on the compromised network; they reveal this information only if the victim contacts them first.

Payment is made in Bitcoin to addresses the group provides. According to the FBI's official statement, the actors also threaten to publish the stolen data on the Tor network and sometimes actively contact the affected companies.

The resurgence of ransomware

Ransomware made a comeback in 2023, with payments exceeding $1 billion, a record high.

Centralized exchanges and mixing services have become the primary venues for laundering these ill-gotten funds and have dominated the transaction channels. Despite this, new money laundering services such as bridges and instant exchanges have maintained strong growth momentum throughout the year.