FBI Warns of Akira Ransomware Threats and Extortion Linked to Bitcoin
Akira Ransomware Group
The FBI warns of the Bitcoin-linked ransomware group Akira, which is responsible for attacks on over 250 companies and has extorted $42 million as of January 2024.
Akira's Evolution and Attack Techniques
- Akira threat actors have amassed an estimated $42 million in ransom payments as of January 1, 2024.
- Initially written in C++, Akira originally encrypted files with a .akira extension. However, variations have emerged. Starting August 2023, the group deployed the Rust-based Megazord ransomware, adding a .powerranges extension to its encrypted files. Some attacks now involve deploying both Megazord and Akira variants for increased impact.
Akira attackers gain entry through Remote Desktop Protocol (RDP), spear phishing, and compromised credentials. They disable security software with tools like PowerTool so they can move laterally across compromised networks, and exfiltrate data with tools like FileZilla and WinSCP.
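A defender-side triage sketch for the indicators described above, as an added example that is not taken from the FBI advisory or the original article: it groups endpoint events by host and grades each host on the tool names and encrypted-file extensions named on this page. The event tuple format, host names, file paths, and burst threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Indicators taken from the article text above.
ENCRYPTED_EXTS = {".akira", ".powerranges"}
TOOLS = {"powertool": "defense-evasion",
         "filezilla": "exfiltration",
         "winscp": "exfiltration"}
BURST_THRESHOLD = 3  # assumption: encrypted-file writes per host that count as a burst

# Constructed sample events in a hypothetical (host, event_type, path) format.
SAMPLE_EVENTS = [
    ("fs01", "process", r"C:\Users\Public\PowerTool.exe"),
    ("fs01", "process", r"C:\Program Files\WinSCP\WinSCP.exe"),
    ("fs01", "file", r"D:\share\q1.xlsx.akira"),
    ("fs01", "file", r"D:\share\q2.xlsx.akira"),
    ("fs01", "file", r"D:\share\hr\roster.docx.powerranges"),
    ("ws07", "process", r"C:\Program Files\FileZilla FTP Client\filezilla.exe"),
    ("ws07", "file", r"C:\Users\a\notes.txt"),
    ("ws09", "file", r"C:\Users\b\archive.akira.bak"),  # final suffix is .bak: no match
]

def triage(events):
    """Return {host: {"stages": set, "encrypted": int, "severity": str}}."""
    hosts = defaultdict(lambda: {"stages": set(), "encrypted": 0})
    for host, kind, path in events:
        h = hosts[host]  # register every host, even if nothing matches
        p = PureWindowsPath(path)
        if kind == "process":
            stem = p.stem.lower()
            for name, stage in TOOLS.items():
                if stem.startswith(name):  # prefix match tolerates suffixed binary names
                    h["stages"].add(stage)
        elif kind == "file" and p.suffix.lower() in ENCRYPTED_EXTS:
            h["encrypted"] += 1
    report = {}
    for host, h in hosts.items():
        if h["encrypted"] >= BURST_THRESHOLD:
            sev = "critical" if h["stages"] else "high"
        elif h["encrypted"] or len(h["stages"]) > 1:
            sev = "high"
        elif h["stages"]:
            sev = "review"  # FileZilla/WinSCP alone are common admin tools
        else:
            sev = "none"
        report[host] = {**h, "severity": sev}
    return report
```

Grading on the combination matters because FileZilla and WinSCP are legitimate administration tools; a single sighting is a reason to review, not proof of compromise.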
Risk Mitigations
- Implement comprehensive security recommendations provided by the FBI, CISA, EC3, and NCSC-NL to reduce the risk of Akira attacks.
- Exercise, test, and validate your organization's security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework.