In the continually changing realm of cyber threats, organizations find themselves urgently needing to strengthen their cybersecurity measures to combat the increasing complexity of ransomware attacks. The focus is on Akira, a recently discovered ransomware family, highlighting a group of cyber adversaries armed with advanced tactics and led by highly skilled individuals.
In a recent analysis of blockchain and source code data, the Akira ransomware has surged to prominence, rapidly establishing itself as one of the fastest-growing threats in the cyber landscape. This surge is attributed to its adept utilization of double extortion tactics, adoption of a ransomware-as-a-service (RaaS) distribution model, and the implementation of unique payment options.
Who are the Targets?
The Akira ransomware made its debut in March 2023, and its sights are set on companies in the United States and Canada. But what is really catching attention is its unique Tor leak site, which, as per Sophos' report, brings back vibes of "1980s green-screen consoles." Users need to type specific commands to navigate through this throwback-style interface.
What is even more intriguing is that, despite sharing the same .akira file extension for encrypted files, the new Akira is nothing like its 2017 counterpart when it comes to the code under the hood. This twist highlights the ever-evolving nature of cyber threats, where old names come back with a new style and a fresh set of tricks.
The Akira encryptor
The Akira ransomware was found by MalwareHunterTeam, and they shared a part of it with BleepingComputer.
When it starts working, Akira does something serious – it deletes Windows Shadow Volume Copies on the device. It uses a special command to do this:
powershell.exe -Command "Get-WmiObject Win32_Shadowcopy | Remove-WmiObject"
Furthermore, linkages between the Akira ransomware group and the now-defunct Conti ransomware gang have come to light, indicating a potential affiliation. Conti, renowned as one of the most notorious ransomware families in recent history, is believed to have evolved from the highly targeted Ryuk ransomware, marking a lineage of prolific cyber threats. The intricate connections between these ransomware entities underscore the evolving nature of cyber threats and the persistence of criminal organizations in adapting and expanding their malicious operations.
