Today, CISA, the Federal Bureau of Investigation (FBI), Europol’s European Cybercrime Centre (EC3), and the Netherlands’ National Cyber Security Centre (NCSC-NL) released a joint Cybersecurity Advisory (CSA), #StopRansomware: Akira Ransomware, to disseminate known Akira ransomware tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) identified through FBI investigations as recently as February 2024.

Evolving from an initial focus on Windows systems to a Linux variant targeting VMware ESXi virtual machines, Akira threat actors began deploying Megazord (a Rust-based code) and Akira (written in C++), including Akira_v2 (also Rust-based) in August 2023. Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia and claimed approximately $42 million (USD) in ransomware proceeds.

CISA and partners encourage critical infrastructure organizations to review and implement the mitigations provided in the joint CSA to reduce the likelihood and impact of Akira and other ransomware incidents. For more information, see CISA’s #StopRansomware webpage and the updated #StopRansomware Guide.

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

NCSC Sounds Alarm Over Private Branch Exchange Attacks

February 21, 2024 0 Comments 0 tags

The UK’s National Cyber Security Centre has produced new guidance for smaller firms on PBX attacks

Congressional privacy bill looks to rein in data brokersÂ

April 15, 2024 0 Comments 0 tags

A bipartisan data privacy bill unveiled last week by House and Senate leaders seeks to place boundaries around how large data brokers — firms that collect and combine massive sets

New AcidPour Wiper Targeting Linux Devices Spotted in Ukraine

March 22, 2024 0 Comments 0 tags

SentinelLabs researchers identified the malware as a new variant of AcidRain, which shut down thousands of Viasat satellites in Ukraine and Western Europe in 2022