Akira_v2

Malware Profile Updated 23 days ago
Akira_v2 is a variant of the Akira malware, identified and confirmed by trusted third-party investigations. The Akira threat actors were initially observed deploying the Windows-specific "Megazord" ransomware; further analysis revealed that a second payload, later identified as Akira_v2, was deployed concurrently in the same attack. This novel variant of the Akira ESXi encryptor is part of a broader malicious software landscape designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites.

The Akira threat actors have shown a persistent pattern of employing Megazord and Akira, including the Akira_v2 variant, interchangeably. Their continued use of both forms of malware demonstrates a sophisticated understanding of multiple operating systems and their vulnerabilities. This dual deployment strategy allows them to maximize the potential damage and disruption caused by their attacks, making them a significant cybersecurity concern.

In August 2023, the Akira threat actors evolved from primarily targeting Windows systems to focusing on Linux, specifically VMware ESXi virtual machines. They began deploying Megazord, which is Rust-based, alongside Akira, which is written in C++, including the Akira_v2 variant, which is also based on Rust. This shift signifies an expansion in their capabilities and target range, increasing the potential risk for a wider variety of systems and networks.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Akira | 2 | Akira is a compact C++ ransomware that has wreaked havoc across various sectors, impacting over 60 organizations globally. It is compatible with both Windows and Linux systems and is known for its minimalistic JQuery Terminal-based hidden service used for victim communication. The malware enters you |
| Megazord | 2 | Megazord is a new variant of the Akira ransomware, first observed in deployment by Akira threat actors around August 2023. Initially focusing on Windows systems, the malware evolved to target Linux VMware ESXi virtual machines. Early versions of Akira were written in C++, encrypting files with an .a |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Akira_v2 Malware was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| CISA | a month ago | #StopRansomware: Akira Ransomware \| CISA |
| CISA | a month ago | CISA and Partners Release Advisory on Akira Ransomware \| CISA |
| Securityaffairs | a month ago | Akira ransomware received $42M in ransom payments from over 250 victims |