Akira Ransomware: FBI and Europol Sound Alarm Over $42M Loss

Prominent global agencies have flagged a newly-emerged ransomware group named Akira, estimated to be just a year old, for its widespread cyber intrusions, breaching over 250 organizations globally and raking in nearly $42 million in ransom payments.

Investigations led by the United States Federal Bureau of Investigation (FBI) have revealed that Akira has been actively targeting businesses and critical infrastructure across North America, Europe, and Australia since March 2023. Initially focused on Windows systems, Akira’s threat landscape expanded with the discovery of its Linux variant by the FBI.

Akira Ransomware Crisis

In response to this escalating threat, the FBI, Cybersecurity and Infrastructure Security Agency (CISA), Europol’s European Cybercrime Centre (EC3), and the Netherlands’ National Cyber Security Centre (NCSC-NL) jointly issued a cybersecurity advisory (CSA) in a bid to raise awareness and mitigate the risks posed by Akira in the future.

“Early versions of the Akira ransomware variant were written in C++ and encrypted files with a .akira extension; however, beginning in August 2023, some Akira attacks began deploying Megazord, using Rust-based code which encrypts files with a .powerranges extension. Akira threat actors have continued to use both Megazord and Akira, including Akira_v2 (identified by trusted third-party investigations) interchangeably.”

Akira has recently targeted Nissan Oceania and Stanford University in ransomware attacks. Nissan Oceania reported a data breach affecting 100,000 individuals in March, and Stanford University disclosed a security issue affecting 27,000 individuals last month, both incidents linked to Akira.

The threat actors are known to use a double-extortion tactic, encrypting systems after taking data. The ransom note gives each company a unique code and a .onion URL to contact them. They don’t ask for ransom or payment details on the hacked networks; they only share them when contacted by the victim.

Payments are in Bitcoin to the addresses they provide. These entities even threaten to publish stolen data on the Tor network and sometimes reach out to affected companies, according to the FBI’s official statement.

Ransomware Resurgence

Ransomware made a comeback in 2023, with payments surpassing $1 billion, marking an all-time high.

Centralized exchanges and mixers emerged as primary venues for laundering these illicit funds, dominating transaction channels. Despite this, newer laundering services like bridges and instant exchangers gained momentum throughout the year.