Saturday, March 29, 2025
Follow us On Linkedin
HomeCyber Security NewsAkira Ransomware Expands to Linux with In-built Tor Website

Akira Ransomware Expands to Linux with In-built Tor Website

Cyber Security NewsRansomware

Published on

By Eswar
Akira Ransomware Expands to Linux with In-built Tor Website

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

According to recent sources, threat actors have been working on a new variant of cross-platform ransomware that is named “Akira”.

Akira was introduced to the cybersecurity sector in March 2023, which targets several financial institutions and organizations for stealing sensitive data.

Akira has been using a Tor website for their communications with perpetrators and for posting the leaked data publicly if their ransom demands are not met from any of the affected organizations.

Threat actors using ransomware-as-a-service (RaaS) have increased among the cybercriminal community as several source codes of many ransomware were leaked online that are being used for malicious purposes.

Akira Tor website (Source: K7)

Akira Linux Variant

Threat actors have created unique public RSA keys and unique IDs for every organization they attack.

These identifiers are then used to find the appropriate decryption keys when the demands are met. In addition, the unique ID is also used for communication purposes.

Public RSA key (Source: K7)

The unique key ID and their corresponding public RSA key are linked along with the ransom note. Furthermore, the ransomware also consists of an exclusion list of files for encryption. 

Exclusion list (Source: K7)
Unique ID for communication (Source: K7)

The ransomware not only consists of an exclusion list, but also contains a list of file extensions to be encrypted, which includes .sqlite, .sqlite2, and .sqlite3. 

K7 has published a complete report on this ransomware which includes the command line arguments and other information.

Organizations are recommended to take extra precautions when it comes to ransomware attacks. It is safe to keep a backup of important files for recovering systems after a ransomware attack.

Avast has recently released a decrypter for the well-known Akira Ransomware on Windows. Additionally, they are currently working on a decrypter for the Linux version of the ransomware.

It is not recommended to pay ransom demands as there is no guarantee that the ransomware groups will decrypt the files.

Keep yourself informed about the latest Cyber Security News by following us on GoogleNewsLinkedinTwitterand Facebook.

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Press Release

SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk

From WannaCry to the MGM Resorts Hack, ransomware remains one of the most damaging...
cyber security

Hackers Exploit DNS MX Records to Create Fake Logins Imitating 100+ Brands

Cybersecurity researchers have discovered a sophisticated phishing-as-a-service (PhaaS) platform, dubbed "Morphing Meerkat," that leverages...
cyber security

New Python-Based Discord RAT Targets Users to Steal Login Credentials

A recently identified Remote Access Trojan (RAT) has raised alarms within the cybersecurity community...
Android

PJobRAT Android Malware Masquerades as Dating and Messaging Apps to Target Military Personnel

PJobRAT, an Android Remote Access Trojan (RAT) first identified in 2019, has resurfaced in...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

Register Now

More like this

cyber security

Hackers Exploit DNS MX Records to Create Fake Logins Imitating 100+ Brands

Cybersecurity researchers have discovered a sophisticated phishing-as-a-service (PhaaS) platform, dubbed "Morphing Meerkat," that leverages...
cyber security

New Python-Based Discord RAT Targets Users to Steal Login Credentials

A recently identified Remote Access Trojan (RAT) has raised alarms within the cybersecurity community...
Android

PJobRAT Android Malware Masquerades as Dating and Messaging Apps to Target Military Personnel

PJobRAT, an Android Remote Access Trojan (RAT) first identified in 2019, has resurfaced in...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved