Akira extracts millions of dollars from 250 companies as ransomware crisis deepens.
An emerging ransomware group called Akira has attracted the attention of well-known organizations around the world. The group is estimated to be only one year old. Through extensive network intrusion activity, it has breached more than 250 organizations around the world and collected nearly 42 million USD in ransom.
An investigation led by the FBI revealed that Akira has been actively targeting businesses and critical infrastructure in North America, Europe and Australia since March 2023. Akira ransomware initially targeted only Windows systems; the FBI has since discovered a Linux version, which widens the scope of the threat.
Akira Ransomware Crisis
To combat this growing threat, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), Europol’s European Cybercrime Center (EC3), and the Netherlands National Cyber Security Center (NCSC-NL) jointly issued a Cybersecurity Advisory (CSA) to increase awareness and reduce possible future risks from Akira.
"Early versions of the Akira ransomware variant were written in C and encrypted files with the .akira extension; however, starting in August 2023, some Akira attacks began deploying Megazord, using Rust-based code that encrypts files with the .powerranges extension. Akira threat actors continue to use Megazord and Akira interchangeably, including Akira_v2, as determined by trusted third-party investigations."
Akira recently launched ransomware attacks against Nissan Oceania and Stanford University. Nissan Oceania reported that the data of 100,000 people was compromised in March, while Stanford University last month disclosed a security incident affecting 27,000 people, both related to Akira.
These threat actors are known for a double extortion strategy: they steal data first and then encrypt the victim's systems.
The ransom note gives each affected company a unique code and a .onion URL for contacting the group. The actors do not leave a ransom demand or payment details on compromised networks; they disclose this information only after a victim contacts them.
Payment is made in Bitcoin to an address the actors provide. According to the FBI's official statement, the threat actors also threatened to publish the stolen data on the Tor network and sometimes proactively contacted affected companies.
The resurgence of ransomware
Ransomware made a comeback in 2023, involving payments exceeding $1 billion, a record high.
Centralized exchanges and mixing services have become the main venues for laundering these illegally obtained funds and dominate the transaction channels. Still, newer money laundering services such as bridges and instant exchanges maintained strong growth throughout the year.