Meet Akira — A new ransomware operation targeting the enterprise

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
The new Akira ransomware operation has slowly been building a list of victims as they breach corporate networks worldwide, encrypt files, and then demand million-dollar ransoms.
Launched in March 2023, Akira claims to have already conducted attacks on sixteen companies. These companies are in various industries, including education, finance, real estate, manufacturing, and consulting.

While another ransomware named Akira was released in 2017, it is not believed that these operations are related.

The Akira encryptor​


A sample of the Akira ransomware was discovered by MalwareHunterTeam, who shared a sample with BleepingComputer so we could analyze it.
When executed, Akira will delete Windows Shadow Volume Copies on the device by running the following PowerShell command:
...
... ...

At the time of this writing, Akira has leaked the data for four victims on their data leak site, with the size of the leaked data ranging from 5.9 GB for one company to 259 GB for another.
From negotiations seen by BleepingComputer, the ransomware gang demands ransoms ranging from a $200,000 to millions of dollars.

They are also willing to lower ransom demands for companies who do not need a decryptor, and just want to prevent the leaking of stolen data.
The ransomware is currently being analyzed for weaknesses, and BleepingComputer does not advise victims to pay the ransom until its determined if a free decryptor can recover files for free.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top