
Akira ransomware is now cross-platform – at risk from Windows and Linux


Akira ransomware originally targeted Windows and has now added new attack methods.

The new Akira ransomware group is expanding its activities to target Linux-based platforms, adding the “.akira” extension to each encrypted file.

The Akira ransomware has been active since March 2023 and targets a wide range of industries, including education, banking, financial institutions and insurance (BFSI), manufacturing, and professional services. According to Cyble data, the group has already compromised 46 victims, most of them in the US.

The most recently discovered attack was carried out using a malicious 64-bit ELF executable for Linux. To run the Akira executable, certain parameters must be specified.

Figure: Required parameters to run the Akira executable

Upon startup, Akira loads a predefined RSA public key to encrypt files on the system. After initializing the public key, Akira loads a list of predefined file extensions to be encrypted.

Figure: File extensions targeted by Akira ransomware

Akira includes routines associated with several symmetric algorithms: AES, CAMELLIA, IDEA-CB and DES. When a file with one of the specified extensions is found, Akira encrypts it and leaves a ransom note on the infected machine.

During attacks, Akira uses a combination of AES and RSA encryption to make the victim’s files inaccessible. In addition to encrypting the victim’s files, Akira also removes shadow copies so that the files cannot be recovered by other means.

Akira is a new ransomware group, active since at least March of this year. A distinctive feature of the Akira group is its individual approach to determining the amount of the cash ransom. The hackers always carefully analyze the size and profitability of a company and are even willing to offer some “discounts” depending on the circumstances.

Attackers infect target computers through phishing emails, malicious ads, and software vulnerabilities. Once a device is infected, the ransomware encrypts its files, appending the extension “.akira”, and then leaves a ransom note on the desktop with the hackers’ address on the dark web.
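As a defender-side illustration of the behaviour described above (an added example, not code from the article or from Cyble's report), the following triage script walks a directory tree, counts files carrying the “.akira” extension per directory, and brackets their modification times to estimate when encryption ran. The function name `triage`, the report fields and the case-insensitive match are assumptions made for this example.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

# Extension the article says is appended to each encrypted file.
ENCRYPTED_SUFFIX = ".akira"


def triage(root):
    """Summarise files under `root` whose names end in the .akira suffix.

    Returns total and encrypted file counts, per-directory encrypted counts
    (most affected first) and the earliest/latest modification time of the
    encrypted files, a rough bracket for when encryption ran.
    """
    total = 0
    per_dir = Counter()
    mtimes = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            total += 1
            # Assumption: match case-insensitively to be safe on Windows volumes.
            if not name.lower().endswith(ENCRYPTED_SUFFIX):
                continue
            per_dir[dirpath] += 1
            try:
                mtimes.append(os.lstat(os.path.join(dirpath, name)).st_mtime)
            except OSError:
                pass  # unreadable or vanished file: counted, but no timestamp
    window = None
    if mtimes:
        window = tuple(datetime.fromtimestamp(t, tz=timezone.utc)
                       for t in (min(mtimes), max(mtimes)))
    return {
        "total_files": total,
        "encrypted_files": sum(per_dir.values()),
        "by_directory": per_dir.most_common(),
        "window_utc": window,
    }


if __name__ == "__main__":
    report = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{report['encrypted_files']} of {report['total_files']} files end in {ENCRYPTED_SUFFIX}")
    for directory, count in report["by_directory"]:
        print(f"{count:8d}  {directory}")
    if report["window_utc"]:
        first, last = report["window_utc"]
        print(f"modification times span {first.isoformat()} .. {last.isoformat()}")
```

Run it against a read-only mount or a forensic copy of the affected volume, so that the scan itself does not alter timestamps on the evidence.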

The South African Development Bank (Development Bank of Southern Africa, DBSA), which invests in infrastructure projects and educational projects in South Africa, recently announced that in May it was the victim of a ransomware attack by the Akira group.

In turn, the Akira hackers stated that they were not involved in the DBSA attack. According to the attackers, the bank’s systems were infected by another “unknown attacker” who used the Akira program without permission. The group offered to help the bank restore its systems and data, and also promised that the stolen data would not be leaked to the public.

