New Ransomware Strain Could Be Costing Businesses Millions

A new ransomware group known as Akira has emerged, targeting large businesses and demanding hefty ransom payments. The group was discovered by the MalwareHunterTeam, who obtained a sample of the encryptor and shared it with cybersecurity publication BleepingComputer. According to researchers, Akira launched its operations in March 2023 and has since claimed to have targeted 16 companies.

Akira does not appear to favor any specific industry vertical, as its victims have been from diverse sectors such as education, finance, real estate, manufacturing, and consulting. Out of the 16 targeted companies, Akira has already leaked data from four of them. The size of the leaked databases has varied, ranging from approximately 6GB to over 250GB.

Negotiations between Akira and its victims have revealed that the ransom demands can range from $200,000 to “millions of dollars.” However, the group is willing to reduce its demands for companies that do not require the decryptor and are primarily concerned about preventing the leakage of sensitive data on the dark web.

Akira’s tactics closely resemble those of other ransomware threat actors. They typically exploit vulnerabilities in hardware or software, or employ phishing techniques to gain access to a corporate network. Once inside, they move laterally across devices, stealing sensitive files and deploying the ransomware to all endpoints on the network. Payment is typically demanded in cryptocurrency.

As with any ransomware attack, it is crucial for organizations to maintain up-to-date software and hardware, employ robust antivirus and endpoint protection systems, and educate employees to recognize and mitigate phishing and social engineering attacks. These measures can significantly enhance an organization’s defenses against ransomware threats.