Megazord

Malware Profile Updated 3 months ago
Megazord is a new variant of the Akira ransomware, first observed in deployment by Akira threat actors around August 2023. Initially focusing on Windows systems, the malware evolved to target Linux VMware ESXi virtual machines. Early versions of Akira were written in C++ and encrypted files with an .akira extension. From August 2023, however, some attacks began deploying Megazord, which employs Rust-based code and encrypts files with a .powerranges extension. The Akira threat actors have continued to use Megazord, Akira, and another variant, Akira_v2, interchangeably.

In-depth analysis of the Megazord ransomware revealed that it was deployed concurrently with a second payload in certain attacks. This secondary payload was later identified as a novel variant of the Akira ESXi encryptor, "Akira_v2", which is also written in Rust. Several static and code similarities between Megazord and Akira suggest that Megazord could be an attempt to give Akira a new look or to evade detection by security software.

The emergence of Megazord underscores the persistent and evolving threat posed by ransomware. Because it renames encrypted files by appending a .powerranges extension, Megazord can cause significant disruption and potential data loss. To combat this threat, organizations are advised to maintain robust cybersecurity measures, including regular system updates, backups, and employee education about the risks of suspicious downloads, emails, and websites.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Akira | 4 | Akira is a malicious software, or malware, specifically a type of ransomware known for its disruptive and damaging effects. First surfacing in late 2023, it has continued to wreak havoc on various entities, including corporations and industries. This ransomware infects systems through suspicious dow
Akira_v2 | 2 | Akira_v2 is a variant of the Akira malware, identified and confirmed by trusted third-party investigations. The Akira threat actors were initially observed deploying the Windows-specific "Megazord" ransomware, with further analysis revealing that a second payload, later identified as Akira_v2, was c
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Windows
Payload
Encryption
Encrypt
Ransom
Linux
ESXi
Associated Malware
ID | Type | Votes | Profile Description
Powerranges | Unspecified | 2 | None
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
Akira's Megazord | Unspecified | 1 | None
Source Document References
Information about the Megazord Malware was read from the documents corpus below.
Source | Created At | Title
Securityaffairs | 3 months ago | Akira ransomware received $42M in ransom payments from over 250 victims
CISA | 3 months ago | #StopRansomware: Akira Ransomware | CISA
CISA | 3 months ago | CISA and Partners Release Advisory on Akira Ransomware | CISA
CERT-EU | 9 months ago | The Week in Ransomware - October 20th 2023 - Fighting Back
Fortinet | 9 months ago | Ransomware Roundup - Akira | FortiGuard Labs
CERT-EU | 10 months ago | The Week in Ransomware - September 29th 2023 - Dark Angels