There’s a new ransomware player in town, targeting big businesses and demanding even bigger payouts from its victims.
The group, called Akira, was discovered by the MalwareHunterTeam, who discovered a sample of the encryptor and shared it with BleepingComputer. As per the researchers, Akira was launched in March 2023, and has since (by its own claims) raided 16 companies.
Akira targets mostly enterprises, but doesn’t seem to favor any specific vertical, as so far it targeted firms in education, finance, real estate, manufacturing, and consulting industries.
Millions of dollars
Of those 16, Akira leaked data belonging to four, with the leaked databases varying in size, from roughly 6GB to more than 250GB.
The publication has also seen some of the negotiations communication Akira conducted with its victims, from which it learned that the ransom ranges from $200,000, to “millions of dollars”. However, the group is happy to lower its demands for firms that don’t need the decryptor and just want to make sure the attackers don’t leak sensitive data to the dark web.
Other than that, the group’s modus operandi is similar to what we’ve seen with other threat actors. It will first look for an opening in a corporate network (either by phishing login credentials from gullible employees, or by exploiting a flaw in hardware and software), and then move laterally to as many devices as possible.
After gaining Windows domain admin credentials, the group would steal as many sensitive files as it can, before delivering the ransomware to all of the endpoints on the network. The payout is demanded in cryptocurrency.
As usual, the best way to defend against ransomware attacks is to keep both software and hardware up to date, to install state-of-the-art antivirus and endpoint protection systems, and to educate the staff to be able to spot phishing and social engineering attacks.
- Check out our list of the best malware removal software around