Monday, May 5, 2025
HomeCyber Security NewsAkira Ransomware Expands to Linux with In-built Tor Website

Akira Ransomware Expands to Linux with In-built Tor Website

Published on

SIEM as a Service

Follow Us on Google News

According to recent sources, threat actors have been working on a new variant of cross-platform ransomware that is named “Akira”.

Akira was introduced to the cybersecurity sector in March 2023, which targets several financial institutions and organizations for stealing sensitive data.

Akira has been using a Tor website for their communications with perpetrators and for posting the leaked data publicly if their ransom demands are not met from any of the affected organizations.

- Advertisement - Google News

Threat actors using ransomware-as-a-service (RaaS) have increased among the cybercriminal community as several source codes of many ransomware were leaked online that are being used for malicious purposes.

Akira Tor website (Source: K7)

Akira Linux Variant

Threat actors have created unique public RSA keys and unique IDs for every organization they attack.

These identifiers are then used to find the appropriate decryption keys when the demands are met. In addition, the unique ID is also used for communication purposes.

Public RSA key (Source: K7)

The unique key ID and their corresponding public RSA key are linked along with the ransom note. Furthermore, the ransomware also consists of an exclusion list of files for encryption. 

Exclusion list (Source: K7)
Unique ID for communication (Source: K7)

The ransomware not only consists of an exclusion list, but also contains a list of file extensions to be encrypted, which includes .sqlite, .sqlite2, and .sqlite3. 

K7 has published a complete report on this ransomware which includes the command line arguments and other information.

Organizations are recommended to take extra precautions when it comes to ransomware attacks. It is safe to keep a backup of important files for recovering systems after a ransomware attack.

Avast has recently released a decrypter for the well-known Akira Ransomware on Windows. Additionally, they are currently working on a decrypter for the Linux version of the ransomware.

It is not recommended to pay ransom demands as there is no guarantee that the ransomware groups will decrypt the files.

Keep yourself informed about the latest Cyber Security News by following us on GoogleNewsLinkedinTwitterand Facebook.

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Gunra Ransomware’s Double‑Extortion Playbook and Global Impact

Gunra Ransomware, has surfaced as a formidable threat in April 2025, targeting Windows systems...

Hackers Exploit 21 Apps to Take Full Control of E-Commerce Servers

Cybersecurity firm Sansec has uncovered a sophisticated supply chain attack that has compromised 21...

Hackers Target HR Departments With Fake Resumes to Spread More_eggs Malware

The financially motivated threat group Venom Spider, also tracked as TA4557, has shifted its...

RomCom RAT Targets UK Organizations Through Compromised Customer Feedback Portals

The Russian-based threat group RomCom, also known as Storm-0978, Tropical Scorpius, and Void Rabisu,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Gunra Ransomware’s Double‑Extortion Playbook and Global Impact

Gunra Ransomware, has surfaced as a formidable threat in April 2025, targeting Windows systems...

Hackers Exploit 21 Apps to Take Full Control of E-Commerce Servers

Cybersecurity firm Sansec has uncovered a sophisticated supply chain attack that has compromised 21...

Hackers Target HR Departments With Fake Resumes to Spread More_eggs Malware

The financially motivated threat group Venom Spider, also tracked as TA4557, has shifted its...