Megazord

Malware Profile Updated 13 days ago
Megazord is a new variant of the Akira ransomware, first observed in deployment by Akira threat actors around August 2023. Initially focusing on Windows systems, the malware evolved to target Linux VMware ESXi virtual machines. Early versions of Akira were written in C++ and encrypted files with an .akira extension. From August 2023, however, some attacks began deploying Megazord, which is written in Rust and encrypts files with a .powerranges extension. The Akira threat actors have continued to use Megazord, Akira, and another variant, Akira_v2, interchangeably.

In-depth analysis of the Megazord ransomware revealed that it was deployed concurrently with a second payload in certain attacks. This secondary payload was later identified as a novel variant of the Akira ESXi encryptor, "Akira_v2", which is also written in Rust. Several static and code similarities between Megazord and Akira suggest that Megazord could be an attempt to give Akira a new look or to evade detection by security software.

The emergence of Megazord underscores the persistent and evolving threat posed by ransomware. With its ability to change file names by appending a .powerranges extension, Megazord can cause significant disruption and potential data loss. To combat this threat, organizations are advised to maintain robust cybersecurity measures, including regular system updates, backups, and employee education about the risks of suspicious downloads, emails, and websites.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
Akira | 4 | Akira is a notorious malware, specifically a ransomware, that has been causing significant damage and disruptions across various industries. It operates by infiltrating systems often without the user's knowledge, stealing sensitive information, and holding data hostage for ransom. Over time, Akira h
Akira_v2 | 2 | Akira_v2 is a variant of the Akira malware, identified and confirmed by trusted third-party investigations. The Akira threat actors were initially observed deploying the Windows-specific "Megazord" ransomware, with further analysis revealing that a second payload, later identified as Akira_v2, was c
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Associated Malware
ID | Type | Votes | Profile Description
Powerranges | Unspecified | 2 | None
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Megazord malware was read from the documents corpus below.
Source | Created At | Title
Fortinet | 7 months ago | Ransomware Roundup - Akira | FortiGuard Labs
CERT-EU | 7 months ago | The Week in Ransomware - October 20th 2023 - Fighting Back
CISA | a month ago | #StopRansomware: Akira Ransomware | CISA
CERT-EU | 8 months ago | The Week in Ransomware - September 29th 2023 - Dark Angels
Securityaffairs | a month ago | Akira ransomware received $42M in ransom payments from over 250 victims
CISA | a month ago | CISA and Partners Release Advisory on Akira Ransomware | CISA