Trend Micro Puts The Spotlight On Akira Ransomware

Akira is quickly becoming one of the fastest-growing ransomware groups, thanks to its use of double extortion, a ransomware-as-a-service (RaaS) distribution model and distinctive payment methods. According to Trend Micro, Akira’s ties can be traced back to the now-defunct Conti ransomware family.

Canada was the third most affected country for successful RaaS and extortion attacks in the first and second quarters of 2023, just behind the U.S. and the U.K. As ransomware actors continue to advance their tactics, creating more sophisticated strains and causing financial and reputational damage to businesses, organizations must enhance their cybersecurity defenses to effectively combat these evolving threats.

Recent Akira activities:

  • June 2023: A mere three months after Akira was first discovered, the ransomware group adds Linux systems to its list of targets.
  • August 2023: Akira focuses on Cisco VPN accounts lacking multifactor authentication (MFA).
  • September 2023: An analysis of the Akira variant Megazord is released.
    • This variant encrypts files with the “POWERRANGES” file extension and leaves a ransom note, titled “powerranges.txt,” directing victims to get in touch with the ransomware actor through the TOX messenger.
  • September 6th, 2023: Akira ransomware operators take advantage of CVE-2023-20269, a previously undisclosed security flaw in two Cisco products, specifically targeting the remote access VPN feature within the Cisco Adaptive Security Appliance (ASA) software and Cisco Firepower Threat Defense (FTD) software.

Trend Micro has a report on Akira that you can read to gain further insight.
