Akira_v2

Malware Profile Updated 3 months ago
Akira_v2 is a variant of the Akira malware, identified and confirmed by trusted third-party investigations. The Akira threat actors were initially observed deploying the Windows-specific "Megazord" ransomware; further analysis revealed that a second payload, later identified as Akira_v2, was deployed concurrently in the same attack. Akira_v2 is a novel variant of the Akira ESXi encryptor. Like other malware, it is designed to exploit and damage computer systems, and often arrives through suspicious downloads, emails, or websites.

The Akira threat actors have shown a persistent pattern of using Megazord and Akira, including the Akira_v2 variant, interchangeably. Their continued use of both forms of malware demonstrates a sophisticated understanding of multiple operating systems and their vulnerabilities. This dual deployment strategy lets them maximize the damage and disruption their attacks cause, making them a significant cybersecurity concern.

In August 2023, the Akira threat actors evolved from primarily targeting Windows systems to focusing on Linux, specifically VMware ESXi virtual machines. They began deploying Megazord, which is Rust-based, alongside Akira, which is written in C++; the deployments included the Akira_v2 variant, which is also based on Rust. This shift signifies an expansion in their capabilities and target range, increasing the potential risk for a wider variety of systems and networks.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Megazord | 2 | Megazord is a new variant of the Akira ransomware, first observed in deployment by Akira threat actors around August 2023. Initially focusing on Windows systems, the malware evolved to target Linux VMware ESXi virtual machines. Early versions of Akira were written in C++, encrypting files with an .a
Akira | 2 | Akira is a malicious software, or malware, specifically a type of ransomware known for its disruptive and damaging effects. First surfacing in late 2023, it has continued to wreak havoc on various entities, including corporations and industries. This ransomware infects systems through suspicious dow
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Linux
Ransomware
ESXi
Windows
Payload
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Akira_v2 Malware was read from the documents corpus below.
Source | Created At | Title
CISA | 3 months ago | CISA and Partners Release Advisory on Akira Ransomware | CISA
CISA | 3 months ago | #StopRansomware: Akira Ransomware | CISA
Securityaffairs | 3 months ago | Akira ransomware received $42M in ransom payments from over 250 victims