Akira_v2

Malware updated 5 months ago (2024-05-05T11:17:32.141Z)

Download STIX

Preview STIX

Akira_v2 is a variant of the Akira malware, identified and confirmed by trusted third-party investigations. The Akira threat actors were initially observed deploying the Windows-specific "Megazord" ransomware, with further analysis revealing that a second payload, later identified as Akira_v2, was concurrently deployed in the attack. This novel variant of the Akira ESXi encryptor is part of a broader malicious software landscape designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. The Akira threat actors have shown a persistent pattern of employing both Megazord and Akira, including the Akira_v2 variant, interchangeably. They have continued to use these two forms of malware, demonstrating a sophisticated understanding of multiple operating systems and their vulnerabilities. This dual deployment strategy allows them to maximize the potential damage and disruption caused by their attacks, making them a significant cybersecurity concern. In August 2023, the Akira threat actors evolved from primarily targeting Windows systems to focusing on Linux, specifically VMware ESXi virtual machines. They began deploying Megazord, a Rust-based code, alongside Akira, which is written in C++, including the Akira_v2 variant, also based on Rust. This shift signifies an expansion in their capabilities and target range, increasing the potential risk for a wider variety of systems and networks.

Description last updated: 2024-05-05T10:20:03.239Z

What's your take? (Question 1 of 1)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Akira is a possible alias for Akira_v2. Akira is a notorious malware, specifically a ransomware, that has been active since April 2023. It utilizes dual extortion tactics to compromise various industries, as outlined in a technical analysis shared by cybersecurity researchers. The ransomware's modus operandi includes stealing sensitive da	2
Megazord is a possible alias for Akira_v2. Megazord is a new variant of the Akira ransomware, first observed in deployment by Akira threat actors around August 2023. Initially focusing on Windows systems, the malware evolved to target Linux VMware ESXi virtual machines. Early versions of Akira were written in C++, encrypting files with an .a	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Akira_v2 Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CISA	6 months ago	CISA and Partners Release Advisory on Akira Ransomware \| CISA
CISA	6 months ago	#StopRansomware: Akira Ransomware \| CISA
Securityaffairs	6 months ago	Akira ransomware received $42M in ransom payments from over 250 victims