Megazord

Malware updated a year ago (2024-11-29T14:11:16.355Z)

Download STIX

Preview STIX

Megazord is a new variant of the Akira ransomware, first observed in deployment by Akira threat actors around August 2023. Initially focusing on Windows systems, the malware evolved to target Linux VMware ESXi virtual machines. Early versions of Akira were written in C++, encrypting files with an .akira extension. However, from August 2023, some attacks began deploying Megazord, which employs Rust-based code and encrypts files with a .powerranges extension. The Akira threat actors have continued to use both Megazord and Akira, including another variant, Akira_v2, interchangeably. In-depth analysis of the Megazord ransomware revealed that it was concurrently deployed with a second payload in certain attacks. This secondary payload was later identified as a novel variant of the Akira ESXi encryptor, "Akira_v2", which is also written in Rust. Several static and code similarities between Megazord and Akira suggest that Megazord could be an attempt to give Akira a new look or to evade detection by security software. The emergence of Megazord underscores the persistent and evolving threat posed by ransomware. With its ability to change file names by appending a .powerrangers extension, Megazord can cause significant disruption and potential data loss. To combat this threat, organizations are advised to maintain robust cybersecurity measures, including regular system updates, backups, and employee education about the risks of suspicious downloads, emails, and websites.

Description last updated: 2024-05-04T23:04:00.405Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Akira is a possible alias for Megazord. Akira is a potent ransomware that has been active since 2023, known for its aggressive encryption tactics and swift deployment. This malware, which brings a unique '80s aesthetic to the dark web, has quickly risen in prominence within the cybercrime landscape. It has targeted hundreds of victims glo	5
Akira_v2 is a possible alias for Megazord. Akira_v2 is a variant of the Akira malware, identified and confirmed by trusted third-party investigations. The Akira threat actors were initially observed deploying the Windows-specific "Megazord" ransomware, with further analysis revealing that a second payload, later identified as Akira_v2, was c	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Encryption

Ransom

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The malware Powerranges is associated with Megazord.	Unspecified	2

Source Document References

Information about the Megazord Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Unit42	a year ago	Threat Assessment: Howling Scorpius (Akira Ransomware)
Securityaffairs	2 years ago	Akira ransomware received $42M in ransom payments from over 250 victims
CISA	2 years ago	#StopRansomware: Akira Ransomware \| CISA
CISA	2 years ago	CISA and Partners Release Advisory on Akira Ransomware \| CISA
CERT-EU	2 years ago	The Week in Ransomware - October 20th 2023 - Fighting Back
Fortinet	2 years ago	Ransomware Roundup - Akira \| FortiGuard Labs
CERT-EU	2 years ago	The Week in Ransomware - September 29th 2023 - Dark Angels