Akira

Malware Profile Updated 12 days ago
Akira is a notorious malware, specifically a ransomware, that has been causing significant damage and disruptions across various industries. It operates by infiltrating systems often without the user's knowledge, stealing sensitive information, and holding data hostage for ransom. Over time, Akira has proved to be a persistent threat, with its activities reported as early as 2023. It has targeted organizations lacking robust security measures, such as Cisco ASA systems without multi-factor authentication. Microsoft Defender, however, successfully thwarted an Akira ransomware attack on an industrial engineering firm, demonstrating the potential of advanced cybersecurity solutions in mitigating such threats. The ransomware has not only been consistent but also devastatingly successful, having received $42M in ransom payments from over 250 victims according to an FBI report. Among its high-profile targets was Nissan Australia, from which the Akira ransomware gang claimed to have stolen sensitive data. This incident underscores the severity of the threat posed by Akira and the urgent need for organizations to bolster their cybersecurity defenses. In addition to its direct activities, there are indications that entities associated with Akira may be using deceptive tactics to retarget previous victims. Furthermore, Akira is part of a growing number of cybercrime groups, including WereWolves, While Play, and 8base, that are climbing the ranks due to an increasing number of victims. These developments highlight the evolving and complex nature of the cyber threat landscape, necessitating continuous vigilance and adaptation from businesses and cybersecurity professionals alike.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID    Votes    Profile Description
Lockbit
11
LockBit is a malicious software (malware) that has been implicated in several high-profile cyber attacks. It infiltrates systems through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom. Recently, the L
Conti
6
Conti is a malware program known for its disruptive capabilities, including stealing personal information and holding data hostage for ransom. It gained notoriety as part of the arsenal of ITG23, a cybercrime group that used it in conjunction with other malicious software like Trickbot, BazarLoader,
Megazord
4
Megazord is a new variant of the Akira ransomware, first observed in deployment by Akira threat actors around August 2023. Initially focusing on Windows systems, the malware evolved to target Linux VMware ESXi virtual machines. Early versions of Akira were written in C++, encrypting files with an .a
Powerranges
3
None
Hive
3
Hive, a form of malware, has been causing significant disruptions in the cybersecurity world. The malicious software infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. Notably, Volt Typhoon has exfilt
REvil
2
REvil, a Russia-based group, was a prominent player in the Ransomware as a Service (RaaS) model that gained traction through 2020. The group was notorious for its high-profile attacks on critical infrastructure entities in the US between 2019 and 2021. REvil's modus operandi involved hacking into vi
Akira_v2
2
Akira_v2 is a variant of the Akira malware, identified and confirmed by trusted third-party investigations. The Akira threat actors were initially observed deploying the Windows-specific "Megazord" ransomware, with further analysis revealing that a second payload, later identified as Akira_v2, was c
Zeon
2
Zeon, a known threat actor in the cybersecurity landscape, has been linked to several high-profile ransomware attacks. It was instrumental in crypting SVCReady and CargoBay loaders, observed in Quantum and Royal ransomware attacks respectively. Zeon has also employed third-party ransomware such as B
Akira Ransomware Gang
2
The Akira ransomware gang, a malicious threat actor in the cybersecurity landscape, has been actively involved in several high-profile cyber attacks. They use sophisticated techniques to infiltrate systems and steal sensitive data, posing significant threats to both private companies and government
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Windows
Ransom
Vpn
Vulnerability
Linux
Extortion
Encryption
Exploit
Malware
Cisco
Cybercrime
Esxi
Encrypt
RaaS
Lateral Move...
WinRAR
Reconnaissance
Phishing
University
Education
Fraud
Zero Day
Healthcare
T1490
t1003.001
T1133
T1486
Microsoft
Rapid7
Data Leak
Avast
Associated Malware
ID    Type    Votes    Profile Description
Black Basta    Unspecified
6
Black Basta is a prolific malware, specifically a Ransomware-as-a-Service (RaaS) operator, originating from Russia. It is believed to be an offshoot of the notorious Conti ransomware group, which ceased operations just prior to Black Basta's emergence. The malware uses popular initial access techniq
Clop    Unspecified
6
Clop is a type of malware, specifically a ransomware, known for its destructive capabilities in exploiting and damaging computer systems. It can infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it has the potential to steal personal inform
Blackbasta    Unspecified
3
BlackBasta is a notorious malware group known for its ransomware attacks, which began in April 2022. The group primarily used SharpDepositorCrypter as the main loader for their ransomware throughout most of 2022. In addition to BlackBasta Ransomware, they have also utilized other malicious software
IceFire    Unspecified
2
IceFire is a malicious software (malware) that has been detected as part of the Linux ransomware family. It was initially known for attacking Windows systems, but recent developments have seen it expand its reach to both Linux and Windows systems. The shift by IceFire to target Linux systems worldwi
Cactus    Unspecified
2
Cactus is a malicious software, or malware, that is notably used in ransomware attacks. This ransomware has been reported to exploit vulnerabilities in Qlik Sense servers, as highlighted by The Hacker News. A scan conducted by Fox-IT on April 17 revealed that out of 5,205 Internet-accessible Qlik Se
Ghost    is related to
2
Ghost is a malicious software (malware) that infiltrates computer systems, often without the user's knowledge. It can cause significant damage by stealing personal information, disrupting operations, or holding data hostage for ransom. Ghost first came into prominence in 2020 when it was part of a l
Blacksuit    Unspecified
2
BlackSuit is a dangerous malware that has been causing significant disruption in the U.S., particularly within the healthcare sector. It is believed to be a rebranding of the Royal ransomware gang, itself a descendant of the Russian Conti gang. Notably, BlackSuit appears to be perpetrating its extor
TrickBot    Unspecified
2
TrickBot is a notorious malware that has been linked to numerous cybercrimes. This malicious software, designed to exploit and damage computers or devices, can infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal informat
Ryuk    Unspecified
2
Ryuk is a type of malware, specifically ransomware, that has been used extensively by the group ITG23. The group has been encrypting their malware for several years, using crypters with malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware investigations were linked to
Werewolves    Unspecified
2
The Werewolves ransomware group has recently emerged as a significant threat in the cybercrime landscape. The group, known for its unusual targeting of Russian entities, employs a variant of the LockBit3 ransomware in its attacks. Since its inception, Werewolves has targeted 26 victims across variou
Trigona    Unspecified
2
Trigona, a notable ransomware strain first identified in 2022, is a type of malicious software designed to infiltrate systems and hold data hostage for ransom. Its operations gained significant attention in 2023, as it emerged as a prominent threat in the cybersecurity landscape. Trigona had a uniqu
Associated Threat Actors
ID    Type    Votes    Profile Description
Alphv    Unspecified
8
Alphv, also known as BlackCat, is a notorious threat actor that emerged in December 2021. The group has been responsible for numerous high-profile cyberattacks, including those against Clarion, a global manufacturer of audio and video equipment for cars; Morrison Community Hospital, from which they
Medusa    Unspecified
3
Medusa is a significant threat actor known for its ransomware attacks on global organizations. The group made headlines in 2023 and early 2024 with an increase in data leaks and multi-extortion attempts, leveraging a zero-day exploit for the Citrix Bleed vulnerability (CVE-2023-4966) alongside other
Blackbyte    Unspecified
3
BlackByte, a threat actor known for its malicious activities, has been on the radar of cybersecurity agencies since its emergence in July 2021. Notorious for targeting critical infrastructure, BlackByte attracted the attention of the Federal Bureau of Investigation (FBI) and the US Secret Service (U
Conti Team    Unspecified
2
The Conti team, a threat actor group known for its malicious activities in the cyber realm, has seen significant developments and transformations over recent years. In September 2022, a splinter group from Conti Team One resurfaced under the name Royal Ransomware, conducting callback phishing attack
Vice Society    Unspecified
2
Vice Society, a threat actor known for its malicious cyber activities, has been identified as a significant player in the deployment of ransomware attacks. Notably active from 2022 through May 2023, Vice Society executed multi-extortion strategies, targeting various sectors including education and h
Associated Vulnerabilities
ID    Type    Votes    Profile Description
CVE-2023-20269    Unspecified
6
CVE-2023-20269 is a zero-day vulnerability found in Cisco's Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. This flaw in software design or implementation has been actively exploited by ransomware groups to gain initial access to corporate networks. The exploitation of
Logical    Unspecified
2
"Logical" is a term used to describe a vulnerability in software design or implementation, which can be exploited by threat actors. This type of flaw has been identified in various platforms and systems, including Windows Error Reporting (WER) where several logical bugs have been discovered by secur
CVE-2020-3259    Unspecified
2
None
Source Document References
Information about the Akira malware was drawn from the document corpus below. This display is limited to 20 results.
Source    Created At    Title
CISA
a month ago
#StopRansomware: Akira Ransomware | CISA
Fortinet
7 months ago
Ransomware Roundup - Akira | FortiGuard Labs
CERT-EU
a year ago
Akira ransomware - what you need to know
CERT-EU
a year ago
Akira ransomware – what you need to know | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware – National Cyber Security Consulting
CERT-EU
a year ago
A New Ransomware Operation Threatens Your Business: Akira
Pulsedive
a year ago
Pulsedive Blog | Akira Ransomware Threat Briefing
CERT-EU
10 months ago
Akira ransomware compromised at least 63 victims since March, report says
Pulsedive
5 months ago
Pulsedive Blog | 2023 in Review
CERT-EU
a year ago
Akira Virus Ransomware [.akira Files] Remove + Restore
CERT-EU
9 months ago
Akira Ransomware, 8Base Ransomware, and more: Hacker’s Playbook Threat Coverage Round-up: August 22, 2023
CERT-EU
a year ago
New Akira Ransomware Attacking Organizations and Exposes Sensitive Data
BankInfoSecurity
10 months ago
Are Akira Ransomware's Crypto-Locking Malware Days Numbered?
BankInfoSecurity
2 months ago
Ransomware Talent Surges to Akira After LockBit's Demise
CERT-EU
a year ago
Akira Ransomware Targets VMware ESXi Servers
CERT-EU
10 months ago
Akira Ransomware Racks Up at Least 63 Victims in 4 Months
Securityaffairs
a month ago
Akira ransomware received $42M in ransom payments from over 250 victims
CERT-EU
2 months ago
Ransomware Talent Surges to Akira After LockBit's Demise
CERT-EU
8 months ago
Feds Warn Healthcare Sector of Akira Ransomware Threats
BankInfoSecurity
8 months ago
Feds Warn Healthcare Sector of Akira Ransomware Threats
CERT-EU
a year ago
Ransomware group claims responsibility for cyberattack on Mercer’s systems | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware – National Cyber Security Consulting