FBI and Europol voice alarm over 42 million dollars in losses

Prominent global agencies have singled out the newly emerging ransomware group, Akira, which is estimated to be only a year old, for a massive cyberattack, breaching more than 250 organizations worldwide and paying nearly $42 million in ransoms.

Investigations led by the United States Federal Bureau of Investigation (FBI) have confirmed that Akira has been actively targeting businesses and critical infrastructure in North America, Europe and Australia since March 2023. Initially focused on Windows systems, Akira's threat landscape expanded with its discovery. Its Linux variant by the FBI.

Akira Ransomware Crisis

In response to this serious threat, the FBI, the Cybersecurity and Infrastructure Security Agency (CIA), Europol's European Cybercrime Center (EC3) and the Netherlands National Cybersecurity Center (NCSC-NL) jointly issued a Cyber ​​Security Advisory (CSA). A bid to raise awareness and reduce future risks posed by Akira.

“Early versions of Akira ransomware were written in C++ and encrypted files with the .akira extension; however, beginning in August 2023, some Akira attacks began deploying Megazord, using Rust-based code that encrypts files with the .powerranges extension. Akira threat actors, including Akira_v2 (according to credible third-party investigations revealed) continue to use both the Megazord and Akira.

Akira recently targeted Nissan Oceania and Stanford University in ransomware attacks. Nissan Oceania reported a data breach affecting 100,000 individuals in March, and Stanford University disclosed a security issue affecting 27,000 individuals last month, both incidents related to Akira.

The threat actors are known to use double-spoofing techniques by encrypting systems after taking data. The ransom note gives each company a unique code and an Onion URL to access them. They do not ask for ransom or payment details on hacked networks; They are shared only when contacted by the victim.

Payments for the addresses you provide are in Bitcoin. These entities publish stolen data on the Tor network and sometimes threaten to link to affected companies, according to an FBI release.

Ransomware Resurgence

Ransomware It returns in 2023, with payouts exceeding $1 billion, an all-time high.

Centralized exchanges and aggregators have emerged as major venues for making these illicit funds appear legitimate and controlling trading channels. Despite this, new virtual services such as bridging and express exchanges have been encouraged throughout the year.