According to recent sources, threat actors have been working on a new variant of cross-platform ransomware that is named “Akira”.
Akira was introduced to the cybersecurity sector in March 2023, which targets several financial institutions and organizations for stealing sensitive data.
Akira has been using a Tor website for their communications with perpetrators and for posting the leaked data publicly if their ransom demands are not met from any of the affected organizations.
Threat actors using ransomware-as-a-service (RaaS) have increased among the cybercriminal community as several source codes of many ransomware were leaked online that are being used for malicious purposes.
Threat actors have created unique public RSA keys and unique IDs for every organization they attack.
These identifiers are then used to find the appropriate decryption keys when the demands are met. In addition, the unique ID is also used for communication purposes.
The unique key ID and their corresponding public RSA key are linked along with the ransom note. Furthermore, the ransomware also consists of an exclusion list of files for encryption.
The ransomware not only consists of an exclusion list, but also contains a list of file extensions to be encrypted, which includes .sqlite, .sqlite2, and .sqlite3.
K7 has published a complete report on this ransomware which includes the command line arguments and other information.
Organizations are recommended to take extra precautions when it comes to ransomware attacks. It is safe to keep a backup of important files for recovering systems after a ransomware attack.
Avast has recently released a decrypter for the well-known Akira Ransomware on Windows. Additionally, they are currently working on a decrypter for the Linux version of the ransomware.
It is not recommended to pay ransom demands as there is no guarantee that the ransomware groups will decrypt the files.
Keep yourself informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.
Microsoft has removed two widely-used Visual Studio Code (VS Code) extensions, “Material Theme Free” and…
A new ransomware group, dubbed Anubis, has emerged as a significant threat in the cybersecurity…
A new wave of cyberattacks targeting WordPress websites has been uncovered, with attackers leveraging fake…
A newly identified cybercriminal group, LARVA-208, also known as EncryptHub, has successfully infiltrated 618 organizations…
A new wave of sophisticated cyberattacks targeting macOS systems has been identified, involving two malware…
The modern cybersecurity landscape is witnessing an unprecedented surge in sophisticated attack techniques, with adversaries…